Hello: I tried to configure an iptables firewall, but i can't. I need cofigure this to use FTP, Kazaa, Internet, ICQ and access the IMAP server of Netscape with my Netscape Client. I'm a Linux newbie. Please Help me!!! Regards, DANIEL ARJONA PD: SEE MY IPTABLES SCRIPT ## eth1 = my local interface ## eth0 = public network interface ## XXX.XXX.XXX.0/24 = My local subnet ## FLUSH iptables -F iptables -X iptables -Z iptables -t nat -F ## DEFAULT POLICIES iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -t nat -P PREROUTING ACCEPT iptables -t nat -P POSTROUTING ACCEPT ## LOCAL HOST iptables -A INPUT -i lo -j ACCEPT ## ACCEPT ACCESS FROM THE LOCAL NETWORK & LOCAL INTERFACE iptables -A INPUT -s XXX.XXX.XXX.0/24 -i eth1 -j ACCEPT ## SMTP Port iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 25 -j ACCEPT ## POP3 Port iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 110 -j ACCEPT ## FORWARDS TO HTTP PORT iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 80 -j ACCEPT ## FORWARDS TO HTTPS PORT iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 443 -j ACCEPT ## FORWARDS TO IMAP PORT iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 143 -j ACCEPT ## FORWARDS TO KAZAA PORT iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 1214 -j ACCEPT ## FORWARD TO DNS QUERIES PORT iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 53 -j ACCEPT iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p udp --dport 53 -j ACCEPT ## FORWARDS TO FTP PORT iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 21 -j ACCEPT ## DENIED FORWARD FOR THE OTHERS PORTS iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -j DROP ## MASQUERADING OF THE LOCAL NETWORK iptables -t nat -A POSTROUTING -s XXX.XXX.XXX.0/24 -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A INPUT -s 0.0.0.0/0 -i eth0 -p tcp --dport 1:1024 -j DROP iptables -A INPUT -s 0.0.0.0/0 -i eth0 -p udp --dport 1:1024 -j DROP ## CLOSE WEBMIN PORT iptables -A INPUT -s 0.0.0.0/0 -i eth0 -p tcp --dport 10000 -j DROP echo " OK . Verifique que lo que se aplica con: iptables -L -n" # END