On Friday 07 February 2003 12:56 am, purushotham.krishnappa@philips.com wrote:
> Hi
>
> The requirement is like this
>
> WebServer-------------------- -
> ----Router/Firewall---------------------------------------client
> 10.60.90.7/8 eth1 eth0
> 192.168.10.15 10.60.90.5/8
> 192.168.10.5/24
> I am not able to connect to webserver from 192.168.10.5 to 10.60.90.7
> BUT I can ping 10.60.90.5. I need clients to connect from
> 192.168.10.0/24 to be able to connect to only port 80 on 10.161.90.7.8

> # (4) FORWARD chain rules
> # Accept the packets we want to forward
> iptables -A FORWARD -i eth1 -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Unless I read your situation wrong, the connections from 192.168.10.x will be
coming in eth0, not eth1. These rules allow any traffic from 10.60.x.y coming
in eth1 through, and any EST/REL traffic through either way.

You also need:

iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 10.60.90.5 -j ACCEPT

to allow the DNATted connections through.

j