Re: Port forwarding doesn't work.


On Sunday 12 October 2003 7:17 pm, Arnt Karlsen wrote:
   On Sun, 12 Oct 2003 18:40:27 -0600,
   Herman <Herman@xxxxxxxxxxxxxxxxxxxxx> wrote in message

   <200310121840.27031.Herman@xxxxxxxxxxxxxxxxxxxxx>:
   > The real problem that I'm trying to solve is this:
   > Several hosts need to access a gov service that uses Java and a certain
   > port.

   ..if these hosts are initiating this connection from your end,
   " -j ESTABLISHED,RELATED" should do it, instead of you
   running around chasing your tail.

Hi Arnt,

Could you please elaborate on that?

As far as I can see, the hosts are initiating the connection, but the port 
must somehow be forwarded through the firewall snat box.

This is what I have:
echo "   DNAT Forward port 3270 for Alberta Registries application on Pluto"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 3270 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3270 -j DNAT --to 192.168.10.1:3270

This is working now, provided that I use that specific IP address on the 
inside - I had to load the iptable_mangle module, which made my problems go 
away...

I don't understand how to add the ESTABLISHED,RELATED idea into this type of 
rule.  

Something like this:

$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3270 -m state --state ESTABLISHED,RELATED

???


Cheers,
-- 
Herman Oosthuysen 
B.Eng(E), MIEEE
Aerospace Software Ltd.
Ph: 1.403.241-8773, Cell: 1.403.852-5545, Fx: 1.403.241-8841
Herman@xxxxxxxxxxxxxxxxxxxxx, http://www.AerospaceSoftware.com
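
The ESTABLISHED,RELATED suggestion from the quoted reply, written out as a rule set. This is an added example, not part of either poster's message. The state match goes in the filter table's FORWARD chain, because the nat table is only consulted for the first packet of a connection. The interface names, the dry-run wrapper and the use of MASQUERADE for the source NAT are assumptions; port 3270 is from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: IPTABLES only prints each rule.
# Point it at the real iptables binary (as root) to apply the rules instead.
IPTABLES="echo iptables"
EXTIF="eth0"   # assumed external interface name
INTIF="eth1"   # assumed internal interface name
PORT=3270      # service port from the original post

stateful_forward_rules() {
    # Forward nothing unless a rule below allows it.
    $IPTABLES -P FORWARD DROP

    # Inside hosts may open new connections to the service port.
    $IPTABLES -A FORWARD -i "$INTIF" -o "$EXTIF" -p tcp --dport "$PORT" \
        -m state --state NEW -j ACCEPT

    # Packets of connections that conntrack already knows pass in both
    # directions; this is what lets the replies back in without a DNAT rule.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Source NAT for traffic leaving through the external interface
    # (assumption: MASQUERADE rather than SNAT with a fixed address).
    $IPTABLES -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
}

stateful_forward_rules
```

With these rules no port is opened toward the inside for connections that start outside; only replies to connections the internal hosts initiated are forwarded.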

