...perhaps it is self-governing.

Best practices would dictate that instant messaging on a firewall is a bad idea. The idea for a FW is minimal packages, no permanent compilers, certainly not X and all of its user-ware. It's remote-code-execution waitin' to happen.

Question, why do you SNAT external Jabber traffic to your FW's internal IP? In doing that your server sees the traffic as originating from $InIP, vice its true source.

> I'm doing port forwarding to a server that runs jabber and everything
> works fine, I did notice that if I bring up a jabber client on the
> firewall itself I do not get connected. While this isn't really
> needed... I don't totally understand why it doesn't work. Being
> inquisitive... well I just gots to know why! Can anyone shed some
> light?
>
> My rules for the jabber port forward are:
>
> iptables -A FORWARD -i $ExIF -d $JabIP -p tcp --dport $JabPort -j ACCEPT
> iptables -A PREROUTING -t nat -d $ExIP -p tcp --dport $JabPort -j DNAT --to-destination $JabIP
> iptables -A POSTROUTING -t nat -d $JabIP -p tcp --dport $JabPort -j SNAT --to-source $InIP
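
An added example, not part of the original messages: a simplified Python model of how the three quoted rules are traversed, showing that with the SNAT rule the Jabber server sees every external client as $InIP, and that a connection generated on the firewall itself never passes PREROUTING. The addresses, port and the `traverse`/`apply_chain` helpers are constructed for illustration; interface matches (`-i $ExIF`) are ignored, the FORWARD policy is assumed to be DROP, and the local client is assumed to connect to $ExIP.

```python
# Simplified model of netfilter chain traversal for the three quoted rules.
# All addresses are constructed sample values, not taken from the thread.
ExIP, InIP, JabIP, JabPort = "203.0.113.1", "192.168.1.1", "192.168.1.10", 5222
LOCAL = {ExIP, InIP}  # addresses owned by the firewall itself

RULES = [  # (table, chain, destination to match, action, rewritten address)
    ("filter", "FORWARD", JabIP, "ACCEPT", None),
    ("nat", "PREROUTING", ExIP, "DNAT", JabIP),
    ("nat", "POSTROUTING", JabIP, "SNAT", InIP),
]

def apply_chain(chain, pkt, rules):
    """Apply the first rule of `chain` that matches pkt; return its action."""
    for _table, rule_chain, dst, action, addr in rules:
        if rule_chain == chain and pkt["dst"] == dst and pkt["dport"] == JabPort:
            if action == "DNAT":
                pkt["dst"] = addr
            elif action == "SNAT":
                pkt["src"] = addr
            return action
    return None

def traverse(src, dst, rules=RULES):
    """Return (outcome, packet as the next hop sees it) for a new connection."""
    pkt = {"src": src, "dst": dst, "dport": JabPort}
    if src in LOCAL:
        # Locally generated traffic enters at OUTPUT; PREROUTING is not consulted.
        apply_chain("OUTPUT", pkt, rules)
        if pkt["dst"] in LOCAL:
            return "delivered to firewall (INPUT)", pkt
    else:
        apply_chain("PREROUTING", pkt, rules)
        if pkt["dst"] in LOCAL:
            return "delivered to firewall (INPUT)", pkt
        if apply_chain("FORWARD", pkt, rules) != "ACCEPT":
            return "dropped in FORWARD", pkt  # assumed policy: DROP
    apply_chain("POSTROUTING", pkt, rules)
    return "sent to " + pkt["dst"], pkt

if __name__ == "__main__":
    cases = [("external client, rules as quoted", "198.51.100.7", ExIP, RULES),
             ("external client, SNAT rule removed", "198.51.100.7", ExIP, RULES[:2]),
             ("client on the firewall itself", ExIP, ExIP, RULES)]
    for label, src, dst, rules in cases:
        outcome, pkt = traverse(src, dst, rules)
        print(f"{label}: {outcome}, src={pkt['src']} dst={pkt['dst']}")
```

With the SNAT rule in place, the server's logs and any per-address rate limits or bans only ever see the firewall's internal address.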