Thanks Goetz and Chris! I'll try that now.
Sorry for the late reply. Just got in the office.

Cheers,
fritz <www.mesedilla>
---
+ Basta Ikaw Lord

-----Original Message-----
From: Chris Brenton [mailto:cbrenton@xxxxxxxxxxxxxxxx]
Sent: Friday, November 07, 2003 6:33 PM
To: Fritz Mesedilla
Cc: Netfilter "Mailing List (E-mail)
Subject: Re: firewalled dns clients

On Thu, 2003-11-06 at 22:49, Fritz Mesedilla wrote:
>
> I tried this and nothing happened.
> $IPTABLES -A INPUT -p tcp --sport 53 -j ACCEPT
> even a
> $IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT

Try:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source x.x.x.x
iptables -A FORWARD -p udp -i eth1 -s y.y.y.y -d 0/0 --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp -i eth1 -s y.y.y.y -d 0/0 --dport 53 -j ACCEPT

x.x.x.x = Firewall's legal external IP address
y.y.y.y = internal private subnet
eth0 = external interface (change to eth1 if needed)
eth1 = internal interface (change to eth0 if needed)

HTH,
C
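
Added example, not part of the original thread: a shell function that prints the SNAT and FORWARD rules suggested above as one iptables-restore ruleset. Packets routed through the firewall on behalf of clients traverse FORWARD rather than INPUT, so the DNS rules belong there. The FORWARD DROP policy, the conntrack rule for reply traffic, the -o match and the function names are assumptions of this example, and the addresses in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# lets an internal subnet reach external DNS servers through a NAT firewall.

# Syntactic shape check only (does not range-check octets): dotted quad.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Dotted quad with an optional /0../32 prefix length.
is_ipv4_net() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# usage: dns_client_rules EXT_IF INT_IF EXT_IP INT_NET
#   EXT_IP  = firewall's external address (x.x.x.x in the thread)
#   INT_NET = internal private subnet     (y.y.y.y in the thread)
dns_client_rules() {
    dcr_ext_if=$1 dcr_int_if=$2 dcr_ext_ip=$3 dcr_int_net=$4
    if ! is_ipv4 "$dcr_ext_ip" || ! is_ipv4_net "$dcr_int_net"; then
        echo "dns_client_rules: bad address argument" >&2
        return 1
    fi
    cat <<EOF
*nat
-A POSTROUTING -o $dcr_ext_if -j SNAT --to-source $dcr_ext_ip
COMMIT
*filter
:FORWARD DROP [0:0]
# Assumption: replies to permitted queries are admitted by connection state.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outbound DNS from the internal subnet, UDP and TCP, as in the thread.
-A FORWARD -i $dcr_int_if -o $dcr_ext_if -s $dcr_int_net -p udp --dport 53 -j ACCEPT
-A FORWARD -i $dcr_int_if -o $dcr_ext_if -s $dcr_int_net -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Constructed sample values; --test parses the ruleset without committing it:
#   dns_client_rules eth0 eth1 192.0.2.1 10.0.0.0/24 | iptables-restore --test
```

Forwarding must also be enabled in the kernel (net.ipv4.ip_forward=1) for any FORWARD rule to see traffic.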