iptables -t filter -A FORWARD -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
Jeff
Herman wrote:
On Sunday 12 October 2003 7:17 pm, Arnt Karlsen wrote:
On Sun, 12 Oct 2003 18:40:27 -0600, Herman <Herman@xxxxxxxxxxxxxxxxxxxxx> wrote in message
<200310121840.27031.Herman@xxxxxxxxxxxxxxxxxxxxx>:
> The real problem that I'm trying to solve is this:
> Several hosts need to access a gov service that uses Java and a certain
> port.
..if these hosts are initiating this connection from your end, " -j ESTABLISHED,RELATED" should do it, instead of you running around chasing your tail.
Hi Arnt,
Could you please elaborate on that?
As far as I can see, the hosts are initiating the connection, but the port must somehow be forwarded through the firewall snat box.
This is what I have:
echo " DNAT Forward port 3270 for Alberta Registries application on Pluto"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 3270 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3270 -j DNAT --to 192.168.10.1:3270
This is working now, provided that I use that specific IP address on the inside - I had to load the iptable_mangle module, which made my problems go away...
I don't understand how to add the ESTABLISHED,RELATED idea into this type of rule.
Something like this:
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3270 -m state --state ESTABLISHED,RELATED
???
Cheers,
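A complete ruleset for the port-forward discussed in this thread, written as an added example rather than taken from any of the posters' scripts. It answers Herman's question directly: the state match does not belong in nat PREROUTING, because the nat table only sees the first packet of a connection (conntrack applies the DNAT to the rest of the connection, and to the replies, on its own), so a `--state ESTABLISHED,RELATED` match there would never fire. The rule goes in the filter table's FORWARD chain, as in Jeff's reply at the top, where it admits the return half of the 3270 session and of every outbound session in one line. Interface names, the inside network 192.168.10.0/24, the default-drop FORWARD policy and the MASQUERADE rule are assumptions for the example; only the inside address 192.168.10.1 and port 3270 come from the thread. Run without arguments the script only prints the rules so they can be reviewed; `apply` installs them.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Forward TCP 3270 from the outside to an inside host ("Pluto"), with the
# connection-tracking rule in the filter FORWARD chain, not in nat PREROUTING.
# Assumed (not from the thread): eth0/eth1, 192.168.10.0/24, default-drop FORWARD.
EXTIF=${EXTIF:-eth0}
INTIF=${INTIF:-eth1}
INTNET=${INTNET:-192.168.10.0/24}
PLUTO=${PLUTO:-192.168.10.1}
IPTABLES=${IPTABLES:-iptables}

# run: execute the rule, or print it when DRY_RUN is set so the whole
# ruleset can be read before it touches the firewall.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

emit_rules() {
    # nat table: seen only by the FIRST packet of each connection. conntrack
    # rewrites every later packet (and the replies) of that connection by
    # itself, which is why a --state match here would be pointless.
    run "$IPTABLES" -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport 3270 \
        -j DNAT --to-destination "$PLUTO:3270"

    # Hide the inside network behind the external interface for outbound traffic.
    run "$IPTABLES" -t nat -A POSTROUTING -o "$EXTIF" -s "$INTNET" -j MASQUERADE

    # filter table: nothing is forwarded unless a rule below says so.
    run "$IPTABLES" -P FORWARD DROP

    # Everything that belongs to a connection already admitted, in either
    # direction. This covers the return packets of the DNAT'd 3270 session and
    # of every outbound session from the inside; it is the ESTABLISHED,RELATED
    # rule from the thread, and it goes first because most packets hit it.
    run "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only NEW inbound connections to Pluto's 3270 port. FORWARD sees the
    # post-DNAT destination, so -d "$PLUTO" pins the rule to that host and a
    # later DNAT to some other inside address would not be admitted by it.
    run "$IPTABLES" -A FORWARD -i "$EXTIF" -o "$INTIF" -p tcp -d "$PLUTO" \
        --dport 3270 -m state --state NEW -j ACCEPT

    # Inside hosts may open connections outward.
    run "$IPTABLES" -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$INTNET" \
        -m state --state NEW -j ACCEPT
}

# No argument: print the rules. 'apply': install them.
if [ "${1:-}" = "apply" ]; then
    emit_rules
else
    DRY_RUN=1 emit_rules
fi
```

The order within FORWARD matters: with the ESTABLISHED,RELATED rule first, the NEW rules only ever see the opening packet of a connection, so tightening them (by source address, for instance) costs nothing for traffic already in flight. On current kernels `-m conntrack --ctstate` is the preferred spelling of `-m state --state`; the older form used here still works and matches what the thread discusses.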