On Sunday 27 October 2002 3:05 pm, Ben Tan wrote:
> hi,
> I am considering setting up a firewall to allow the remote desktop
> connection from the internet. Which ports do I need to allow for INPUT, FORWARD, OUTPUT?
>
> There will be a DNAT for each connection request to the internal client.

You do not require any ports open in your INPUT and OUTPUT chains because these are only for packets to/from the netfilter machine - which obviously is not the machine running the service if you're talking about XP.

Try the following rules in your FORWARD chain, and use the logged results to tell you what additional rules you need to allow in order to let the packets through:

iptables -A FORWARD -s a.b.c.d -d w.x.y.z -j LOG
iptables -A FORWARD -d a.b.c.d -s w.x.y.z -j LOG

Where a.b.c.d and w.x.y.z are the two machines you're trying to get to talk to each other.

Antony.

--
Anyone that's normal doesn't really achieve much.
- Mark Blair, Australian rocket engineer
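The reply's advice is to log in FORWARD first and derive the ACCEPT rules from what gets logged. The following is an added example (not code from the original thread) of doing that second step mechanically: it parses the kernel log lines the LOG target writes, counts only genuine connection initiations (for TCP, the first SYN), and turns them into the PREROUTING DNAT and FORWARD rules the question was asking about. Everything specific is assumed: the sample log lines are constructed, the addresses 203.0.113.5 (remote client), 192.168.1.10 (internal XP host) and 198.51.100.1 (firewall's public address) are placeholders, the external interface is taken to be eth0, and the lines assume a `--log-prefix "FWD-LOG "` was added to the post's two LOG rules so they are easy to grep out. One detail worth knowing when reading such logs: the FORWARD chain runs after PREROUTING DNAT, so DST already shows the internal client, not the firewall's public address.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original post) in the format the
# netfilter LOG target produces. DST is already the DNATed internal address because
# FORWARD sees the packet after PREROUTING. 203.0.113.5 is the assumed remote client.
SAMPLE_LOG = """\
Oct 27 15:10:01 fw kernel: FWD-LOG IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=12345 DF PROTO=TCP SPT=51234 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 27 15:10:01 fw kernel: FWD-LOG IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=0 DF PROTO=TCP SPT=3389 DPT=51234 WINDOW=8192 RES=0x00 ACK SYN URGP=0
Oct 27 15:10:02 fw kernel: FWD-LOG IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=12346 DF PROTO=TCP SPT=51234 DPT=3389 WINDOW=1026 RES=0x00 ACK URGP=0
Oct 27 15:10:05 fw kernel: FWD-LOG IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=117 ID=777 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S+)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")


def parse_log_line(line):
    """Return the KEY=VALUE fields of one netfilter LOG record as a dict, plus a
    'FLAGS' set of the bare TCP flag words, or None if the line is not a LOG record."""
    if "IN=" not in line or "PROTO=" not in line:
        return None
    rec = dict(FIELD_RE.findall(line))
    # TCP flags are written as bare words after RES=; URGP= must not match URG.
    rec["FLAGS"] = {f for f in TCP_FLAGS if re.search(r"\b%s\b" % f, line)}
    return rec


def new_flows(log_text):
    """Count connection initiations keyed by (proto, src, dst, dport-or-icmp-type).

    For TCP only the initial SYN (no ACK) counts, so the server's SYN/ACK reply and
    later data packets do not look like extra flows needing their own rule; the
    reply direction is covered by one ESTABLISHED,RELATED rule instead."""
    flows = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        proto = rec["PROTO"]
        if proto == "TCP":
            if "SYN" not in rec["FLAGS"] or "ACK" in rec["FLAGS"]:
                continue
            key = (proto, rec["SRC"], rec["DST"], int(rec["DPT"]))
        elif proto == "UDP":
            key = (proto, rec["SRC"], rec["DST"], int(rec["DPT"]))
        elif proto == "ICMP":
            key = (proto, rec["SRC"], rec["DST"], int(rec["TYPE"]))
        else:
            key = (proto, rec["SRC"], rec["DST"], None)
        flows[key] += 1
    return flows


def suggest_rules(flows, public_ip, wan_if="eth0"):
    """Turn observed new flows into the minimal rule set: one PREROUTING DNAT per
    forwarded (proto, port, internal host), a FORWARD ACCEPT for the initiating
    packets from the logged source, and a single FORWARD rule for replies.
    INPUT and OUTPUT are left alone, as the post says: the service host is not
    the firewall. public_ip and wan_if are assumptions for this example."""
    rules = []
    seen = set()
    for (proto, src, dst, port), _count in sorted(flows.items(), key=lambda kv: str(kv[0])):
        if proto not in ("TCP", "UDP"):
            continue  # ICMP and others are counted but get no port-forward rule
        p = proto.lower()
        if (p, dst, port) not in seen:
            seen.add((p, dst, port))
            rules.append(
                "iptables -t nat -A PREROUTING -i %s -d %s -p %s --dport %d "
                "-j DNAT --to-destination %s:%d" % (wan_if, public_ip, p, port, dst, port))
        rules.append(
            "iptables -A FORWARD -i %s -s %s -d %s -p %s --dport %d "
            "-m state --state NEW -j ACCEPT" % (wan_if, src, dst, p, port))
    rules.append("iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT")
    return rules


if __name__ == "__main__":
    observed = new_flows(SAMPLE_LOG)
    for key, count in observed.items():
        print("%-5s %s -> %s port/type %s: %d new" % (key[0], key[1], key[2], key[3], count))
    print()
    for rule in suggest_rules(observed, "198.51.100.1"):
        print(rule)
```

Run it as-is to see the two flows the sample log contains (one TCP connection to 3389 and one ICMP echo request) and the three rules derived from them; on a real firewall, feed it `grep FWD-LOG /var/log/messages` and review the output before pasting anything, since a LOG rule records attempts from anyone, not only the hosts you intend to permit.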