On Sunday 12 October 2003 7:17 pm, Arnt Karlsen wrote:
> On Sun, 12 Oct 2003 18:40:27 -0600, Herman <Herman@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> <200310121840.27031.Herman@xxxxxxxxxxxxxxxxxxxxx>:
> > The real problem that I'm trying to solve is this:
> > Several hosts need to access a gov service that uses Java and a certain
> > port.
>
> ..if these hosts are initiating this connection from your end,
> " -j ESTABLISHED,RELATED" should do it, instead of you
> running around chasing your tail.
I don't have the whole thread, so I apologize if I missed something. If you are using SNAT, the return packets should be RELATED or ESTABLISHED, and they can be passed back to your box without any further NATting:
# Masquerade everything leaving the lan as the firewall IP.
iptables -t nat -A POSTROUTING -o $Net_Interface -j SNAT --to $Net_IP

# This makes sure the returning packets make it through.
iptables -t filter -A INPUT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
Jeff
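A complete rule set for the case Herman describes (several LAN hosts behind a Linux NAT gateway reaching one remote service on one port), as an added example that is not part of the thread and not code from either poster. Interface names, addresses (RFC 5737 documentation ranges) and the service port are placeholders; set them through the environment. Because the LAN hosts' traffic is forwarded through the gateway rather than terminated on it, the state match is placed on the FORWARD chain (INPUT only sees connections addressed to the firewall itself), with the RELATED,ESTABLISHED rule ahead of the NEW rule so replies are accepted before the stricter per-service filter is consulted. SNAT is limited to the LAN prefix so the gateway never rewrites traffic it did not originate on behalf of those hosts.

```shell
#!/bin/sh
# Added example: NAT gateway rules for a few LAN hosts reaching one remote service.
# All values below are assumptions for illustration; override them in the environment.
WAN_IF="${WAN_IF:-eth0}"                 # assumed: interface facing the ISP
WAN_IP="${WAN_IP:-203.0.113.10}"         # assumed: public address on $WAN_IF
LAN_IF="${LAN_IF:-eth1}"                 # assumed: interface facing the internal hosts
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # assumed: internal prefix allowed to use the gateway
SVC_HOST="${SVC_HOST:-198.51.100.20}"    # assumed: address of the remote (gov) service
SVC_PORT="${SVC_PORT:-8443}"             # assumed: the single port that service listens on

# Emit one command per line without executing anything, so the rule set
# can be reviewed (or diffed against the running box) before it is applied.
build_rules() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -P FORWARD DROP
iptables -t filter -A FORWARD -m state --state INVALID -j DROP
iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $SVC_HOST -p tcp --dport $SVC_PORT -m state --state NEW -j ACCEPT
iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
EOF
}

# Line number (within build_rules output) of the first rule matching a pattern;
# used to confirm the state rule precedes the per-service NEW rule.
rule_position() {
    build_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Apply the generated rules; needs root and a kernel with the state match loaded.
apply_rules() {
    build_rules | sh -e
}

# Usage: ./gateway.sh show   (print the rules)   |   ./gateway.sh apply
if [ $# -gt 0 ]; then
    case "$1" in
        show)  build_rules ;;
        apply) apply_rules ;;
        *)     echo "usage: $0 show|apply" >&2; exit 2 ;;
    esac
fi
```

Run `./gateway.sh show` first and check that the RELATED,ESTABLISHED rule is listed before the NEW rule; if the order were reversed, replies from the service would still pass (the NEW rule only matches the first packet), but any RELATED flow the connection tracker opens on the service's behalf would be dropped by the FORWARD policy.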