On Thu, Sep 11, 2003 at 06:09:29AM +0000, Vishwanatn T. K. wrote:
> > $IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 110 -j ACCEPT
> > $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> >
> > What more do I add to allow natting as well as a secure FORWARD policy?
> > Is the position of ESTABLISHED rule ok?
> >
>
> You need to add NEW state in the above FORWARD rule for this to work.
>
> $IPTABLES -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Just confirming this from all. Please check whether this is ok.

$IPTABLES -I PREROUTING -t nat -p tcp -d 202.x.x.x -j DNAT --to 125.125.125.2
$IPTABLES -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p udp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 110 -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
$IPTABLES -P FORWARD ACCEPT
                     ^^^^^^
$IPTABLES -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Can I now change the ACCEPT statement to DROP without any fear?
Thanks a lot in advance and bye.

With warm regards,
-Payal

--
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.
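A heuristic lint for the kind of rules posted above, as an added example that is not part of the original message or of iptables itself: it flags a `-p`/`-m` protocol mismatch, a `/32` mask on a `.0` address, an unqualified ACCEPT that includes state NEW, and an ACCEPT default policy. The function names `lint_rule` and `lint_stream` and the tag strings are invented for this example.

```shell
#!/bin/sh
# Added example (not from the original message): heuristic lint for iptables
# rule lines. Function names and tag strings are invented for illustration.

lint_rule() {
    rule=" $1 "   # pad so every option can be matched with surrounding spaces
    out=""
    # The tcp/udp match extensions only apply to the same -p protocol.
    case $rule in
        *" -p udp "*"-m tcp "*|*" -p tcp "*"-m udp "*)
            out="${out}proto-match-mismatch " ;;
    esac
    # /32 matches exactly one address; on a .0 address a subnet mask was
    # probably intended (heuristic).
    case $rule in
        *".0/32 "*) out="${out}host-mask-on-network " ;;
    esac
    # ACCEPT on NEW with no address, protocol or interface selector admits
    # every packet that is not INVALID, whatever the chain policy says.
    case $rule in
        *" -s "*|*" -d "*|*" -p "*|*" -i "*|*" -o "*) ;;
        *"--state "*NEW*" -j ACCEPT "*) out="${out}accepts-all-new " ;;
    esac
    # Default policy of ACCEPT: packets matching no rule pass.
    case $rule in
        *" -P "*" ACCEPT "*) out="${out}default-policy-accept " ;;
    esac
    printf '%s\n' "${out% }"
}

lint_stream() {   # reads rule lines on stdin, prints "lineno: tags"
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        tags=$(lint_rule "$line")
        if [ -n "$tags" ]; then printf '%s: %s\n' "$n" "$tags"; fi
    done
}

# Rules copied from the message above.
lint_stream <<'EOF'
$IPTABLES -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p udp -m tcp --dport 53 -j ACCEPT
$IPTABLES -A FORWARD -s 125.125.125.0/32 -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -P FORWARD ACCEPT
EOF
```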