RE: FORWARD rules

$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p udp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 110 -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

What more do I add to allow natting as well as a secure FORWARD policy?
Is the position of ESTABLISHED rule ok?

You need to add chains for NEW packets with tcp-flags syn. You need to replace,
from the console:
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p udp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 110 -j ACCEPT

to
-A FORWARD -d 125.125.125.0/32 -m state --state NEW -p tcp -m tcp --dport 53 --syn -j ACCEPT
-A FORWARD -d 125.125.125.0/32 -m state --state NEW -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 125.125.125.0/32 -m state --state NEW -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A FORWARD -d 125.125.125.0/32 -m state --state NEW -p tcp -m tcp --dport 110 --syn -j ACCEPT

--
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.
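Added example, not code from either poster in this thread: a small script that generates the stateful FORWARD policy described above (ESTABLISHED,RELATED first, then NEW rules that require --syn for TCP and use the udp match for DNS) together with the MASQUERADE rule the question asks about, and a check that the generated ruleset has that shape. The subnet 192.168.1.0/24, the interface eth0 and the function names are assumptions; the script prints the commands for review rather than running them.

```shell
#!/bin/sh
# Added example; IPTABLES, lan_net and wan_if are assumed names, not from the thread.
IPTABLES=${IPTABLES:-/sbin/iptables}

# Print FORWARD rules letting clients in $1 open DNS, HTTP and POP3 via interface $2.
gen_forward_rules() {
    lan_net=$1; wan_if=$2
    echo "$IPTABLES -P FORWARD DROP"
    echo "$IPTABLES -F FORWARD"
    # Replies and related traffic first: hit most often, and nothing below
    # needs to see packets that belong to an existing connection.
    echo "$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only the first packet (SYN) of a NEW TCP connection from the LAN is accepted;
    # a packet that is NEW but carries no SYN falls through to the DROP policy.
    for port in 53 80 110; do
        echo "$IPTABLES -A FORWARD -s $lan_net -o $wan_if -p tcp -m tcp --dport $port --syn -m state --state NEW -j ACCEPT"
    done
    # UDP has no SYN: use -m udp (not -m tcp) and rely on conntrack state NEW.
    echo "$IPTABLES -A FORWARD -s $lan_net -o $wan_if -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT"
}

# NAT for the same clients: masquerade on the outside interface and turn on
# forwarding in the kernel (without it the FORWARD chain never sees a packet).
gen_nat_rules() {
    lan_net=$1; wan_if=$2
    echo "$IPTABLES -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Sanity check on a generated ruleset: ESTABLISHED must precede the first NEW
# rule, every TCP NEW rule must carry --syn, and no UDP rule may use -m tcp.
check_rules() {
    rules=$1
    est=$(printf '%s\n' "$rules" | grep -n 'ESTABLISHED' | head -1 | cut -d: -f1)
    new=$(printf '%s\n' "$rules" | grep -n -- '--state NEW' | head -1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$new" ] && [ "$est" -lt "$new" ] || return 1
    printf '%s\n' "$rules" | grep -- '-p tcp.*--state NEW' | grep -qv -- '--syn' && return 1
    printf '%s\n' "$rules" | grep -- '-p udp' | grep -q -- '-m tcp' && return 1
    return 0
}

# Constructed sample: a private LAN behind eth0.
rules=$(gen_forward_rules 192.168.1.0/24 eth0; gen_nat_rules 192.168.1.0/24 eth0)
check_rules "$rules" && printf '%s\n' "$rules"
```

Pipe the printed commands to sh once they look right; a ruleset that puts the ESTABLISHED rule after a NEW rule, or that uses -m tcp with -p udp as the quoted original does, is rejected by check_rules.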