I have a couple of questions... I am using iptables as a firewall on a Linux machine (router) with 2 NICs. Everything on the internal network has an internal IP. As it passes through the firewall (router) it is given a public IP (stub network using DNAT and SNAT along with some static routes in the routing table). This is my first time building a firewall, so I am still learning a lot of the basics. Here are my questions.

1. I have 2 web servers behind the firewall. Is it possible on the firewall to set up a rule that will allow port 80 to only be open to those IPs? Or will that not allow other computers behind the firewall to browse the internet? If so, what will the rule look like? iptables -A FORWARD ?????????? HELP =)

2. Also, because I'm routing/forwarding packets through 2 NICs (eth1 public, eth0 internal), is it possible to have iptables tell where the packet is coming from? i.e. if I wanted to disable all incoming traffic on the FORWARD chain (except for allowed rules), but allow all outgoing traffic on the FORWARD chain. How would I do this?

Thanks for all the help,
Patrick
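The FORWARD-chain layout the two questions describe, written out as an added example (not the poster's own rules): it assumes eth1 is the public NIC and eth0 the internal NIC as stated in the post, and uses two constructed placeholder addresses for the web servers. The rules use interface matching (`-i`/`-o`) so that iptables can tell which side a forwarded packet came from, a default DROP policy on FORWARD, a connection-tracking rule so replies to allowed connections pass, an unrestricted rule for internal-to-public traffic, and per-server rules that admit new inbound connections only to port 80. Setting `IPT=echo` prints the rules instead of applying them.

```bash
#!/bin/sh
# Added example for the question above; not the original poster's configuration.
# Interface names are taken from the post; the web server addresses below are
# constructed placeholders.
PUB_IF="eth1"                           # NIC facing the internet
INT_IF="eth0"                           # NIC facing the internal network
WEB_SERVERS="192.168.1.10 192.168.1.11" # internal (post-DNAT) addresses of the web servers
IPT="${IPT:-iptables}"                  # set IPT=echo to print the rules instead of applying them

forward_rules() {
    # Question 2: anything the FORWARD chain has no explicit rule for is dropped.
    "$IPT" -P FORWARD DROP

    # Replies belonging to an already-accepted connection may pass in either
    # direction; this is what lets internal hosts receive their web pages back.
    "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Question 2: traffic entering on the internal NIC and leaving on the
    # public NIC is outbound and is allowed unconditionally.
    "$IPT" -A FORWARD -i "$INT_IF" -o "$PUB_IF" -j ACCEPT

    # Question 1: inbound traffic (public NIC in, internal NIC out) is accepted
    # only when it is a new TCP connection to port 80 on one of the web servers.
    for ws in $WEB_SERVERS; do
        "$IPT" -A FORWARD -i "$PUB_IF" -o "$INT_IF" -p tcp -d "$ws" --dport 80 \
            -m conntrack --ctstate NEW -j ACCEPT
    done
}

# Apply (or print, with IPT=echo) when run as a script with the word "apply".
if [ "${1:-}" = "apply" ]; then
    forward_rules
fi
```

Two points worth keeping in mind with this layout. First, DNAT happens in the PREROUTING chain, before the routing decision, so by the time a packet reaches FORWARD its destination has already been rewritten to the web server's internal address; the port-80 rules therefore match on the internal addresses, not the public ones. Second, the other internal machines keep browsing because their outbound connections match the `-i eth0 -o eth1` rule and the replies match ESTABLISHED, so restricting inbound port 80 to the two servers does not affect them.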