You were right about the reverse rules... Adding them solved the issue...
This is like working with access-lists so I think I got the concept.

Thanks

-----Original Message-----
From: Myles Uyema [mailto:mlists@xxxxxxxxx]
Sent: Tuesday, May 13, 2003 08:14 p.m.
To: Jairo.Castañeda
Cc: 'netfilter@xxxxxxxxxxxxxxxxxxx'
Subject: Re: NAT help

"It's not working" does not give us helpful error information.

What is your FORWARD policy? Those two forward rules you do have will let
packets go out to the internet, but I don't see any reverse rules to allow
packets to return.

Where in your chains do you think the packets are getting blocked?

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -p tcp --source-port 110 -i eth1 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --source-port 25 -i eth1 -m state --state ESTABLISHED -j ACCEPT

On Tue, 13 May 2003, Jairo.Castañeda wrote:

Hi,

I just started working with IPTables but I think I chose a difficult task
to accomplish, let me explain:

INTERNET <-------------> ETH1[LINUX BOX RH9] ETH0 <-----------> LAN

The users in the LAN need to be able to read their email which is stored in
a POP3/SMTP mail server located in INTERNET so I did the following:

1. I defined as my users' default gateway the Linux box
2. In the linux box, I created the following rules

IPTABLES -A FORWARD -p tcp --destination-port 110 -i eth0 -j ACCEPT
IPTABLES -A FORWARD -p tcp --destination-port 25 -i eth0 -j ACCEPT
IPTABLES -t nat -A POSTROUTING -p tcp -i eth0 -o eth1 -j MASQUERADE

Well I read the FAQ and I think this configuration should be enough, but
it's not working. Am I missing something here?

Thanks for your help.

Jairo Castañeda
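
The effect of the reverse rules discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of first-match FORWARD filtering. It assumes a FORWARD policy of DROP (the thread never states the policy) and uses constructed packets; the class and function names are hypothetical.

```python
"""Simplified model of the FORWARD chain from this thread (TCP only)."""
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Packet:
    in_if: str   # interface the packet arrives on
    sport: int
    dport: int
    state: str   # conntrack state: "NEW" or "ESTABLISHED"

@dataclass
class Rule:      # every rule modelled here has target ACCEPT
    in_if: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    states: Tuple[str, ...] = ()   # empty tuple = no "-m state" match

    def matches(self, p: Packet) -> bool:
        return (p.in_if == self.in_if
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and (not self.states or p.state in self.states))

def verdict(rules, pkt, policy="DROP"):
    # Assumption: chain policy is DROP. A packet that matches no rule
    # falls through to the policy.
    return "ACCEPT" if any(r.matches(pkt) for r in rules) else policy

# Rules from the original question (LAN side is eth0).
OUTBOUND = [Rule("eth0", dport=110), Rule("eth0", dport=25)]
# Reverse rules from the reply (Internet side is eth1).
REVERSE = [Rule("eth1", sport=110, states=("ESTABLISHED",)),
           Rule("eth1", sport=25, states=("ESTABLISHED",))]

# Constructed sample packets.
SAMPLES = {
    "syn":   Packet("eth0", 40000, 110, "NEW"),          # LAN client opens POP3
    "reply": Packet("eth1", 110, 40000, "ESTABLISHED"),  # server answers
    "probe": Packet("eth1", 110, 40000, "NEW"),          # unsolicited, sport 110
}

def walk(rules):
    """Return the verdict for each sample packet under the given rules."""
    return {name: verdict(rules, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print("outbound rules only:", walk(OUTBOUND))
    print("with reverse rules: ", walk(OUTBOUND + REVERSE))
```

The "probe" case shows what `--state ESTABLISHED` adds over a bare `--source-port` match: a packet from the Internet side that merely uses source port 110 is still dropped unless it belongs to a connection the LAN client opened.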