Re: NAT help


 



"It's not working" does not give us helpful error information.
What is your FORWARD policy?  Those two forward rules you do have will let 
packets go out to the internet, but I don't see any reverse rules to allow 
packets to return.  Where in your chains do you think the packets are 
getting blocked?

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -p tcp --source-port 110 -i eth1 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --source-port 25 -i eth1 -m state --state ESTABLISHED -j ACCEPT


On Tue, 13 May 2003, Jairo.Castañeda wrote:

Hi,

I just started working with IPTables but I think I chose a difficult task to
accomplish, let me explain:

INTERNET <-------------> ETH1[LINUX BOX RH9]  ETH0 <-----------> LAN 

The users in the LAN need to be able to read their email which is stored in
a POP3/SMTP mail server located in INTERNET so I did the following:

1. I defined as my users' default gateway the Linux box
2. In the linux box, I created the following rules

IPTABLES -A FORWARD -p tcp --destination-port 110 -i eth0 -j ACCEPT
IPTABLES -A FORWARD -p tcp --destination-port 25 -i eth0 -j ACCEPT
IPTABLES -t nat -A POSTROUTING -p tcp -i eth0 -o eth1 -j MASQUERADE

Well I read the FAQ and I think this configuration should be enough, but
it's not working. Am I missing something here?

Thanks for your help.


Jairo Castañeda
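
Added example, not part of either message: a dry-run script that combines the outbound rules from the original post with the return rules from the reply. It assumes a DROP policy on FORWARD (the thread never states the policy), adds -o to each FORWARD rule to pin the direction, and omits -i from the MASQUERADE rule because iptables does not accept an input interface in POSTROUTING; the run helper and the APPLY, LAN_IF and WAN_IF variables are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names follow the diagram
# in the original post: eth0 faces the LAN, eth1 faces the Internet.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"

# Hypothetical helper: prints each command unless APPLY=1 (run as root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

mail_nat_rules() {
    # Same effect as "echo 1 > /proc/sys/net/ipv4/ip_forward".
    run sysctl -w net.ipv4.ip_forward=1

    # Assumption: default-deny forwarding, so only the rules below pass traffic.
    run iptables -P FORWARD DROP

    for port in 110 25; do
        # Outbound: LAN clients to POP3 (110) / SMTP (25) servers.
        run iptables -A FORWARD -p tcp --destination-port "$port" \
            -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
        # Return: replies from those servers, only for tracked connections.
        run iptables -A FORWARD -p tcp --source-port "$port" \
            -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED -j ACCEPT
    done

    # POSTROUTING sees only the outgoing interface, so match on -o alone.
    run iptables -t nat -A POSTROUTING -p tcp -o "$WAN_IF" -j MASQUERADE
}

mail_nat_rules
```

After applying with APPLY=1, "iptables -L FORWARD -v -n" shows per-rule packet counters, which answers the reply's question of where packets are being blocked.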




