My iptables firewall rules include a default policy of DROP for INPUT and FORWARD, ACCEPT for OUTPUT. The first line in the rules includes an ACCEPT for the INPUT chain for established and related connections. There is also a rule allowing any traffic for all protocols to any host which originates from the protected network on the internal interface.
Do you have an ACCEPT for the FORWARD chain for established and related connections?
-- Philip Craig - SnapGear, A CyberGuard Company - http://www.SnapGear.com
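
The question in the reply matters because the INPUT chain only sees packets addressed to the firewall itself, while replies to forwarded connections traverse FORWARD. The script below is an added example, not part of the original thread: it runs a simple check over constructed `iptables-save` style rules for the setup described, before and after adding the FORWARD rule. The interface name `eth1`, the placement of the internal-network rule in FORWARD, and the function name `forward_reply_check` are assumptions.

```shell
#!/bin/sh
# Constructed iptables-save style rules matching the setup in the post.
# eth1 as the internal interface is an assumption.
RULES_BEFORE=':INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT'

# Same rules plus the FORWARD rule the reply asks about.
RULES_AFTER="$RULES_BEFORE
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"

# forward_reply_check RULES  (hypothetical helper)
# Returns 0 if the rules give forwarded reply packets a way through
# (FORWARD policy ACCEPT, or an ESTABLISHED accept rule in FORWARD),
# 1 if neither is found.
forward_reply_check() {
    policy=$(printf '%s\n' "$1" | awk '$1 == ":FORWARD" { print $2 }')
    if [ "$policy" = "ACCEPT" ]; then
        echo "FORWARD policy ACCEPT: replies pass by default"
        return 0
    fi
    if printf '%s\n' "$1" |
        grep -Eq '^-A FORWARD .*-m (state|conntrack) .*ESTABLISHED.*-j ACCEPT'; then
        echo "FORWARD policy $policy: replies accepted by a state rule"
        return 0
    fi
    echo "FORWARD policy $policy: no ESTABLISHED accept rule found in FORWARD"
    return 1
}

# Report on both rule sets; '|| :' keeps the script going after a failed check.
forward_reply_check "$RULES_BEFORE" || :
forward_reply_check "$RULES_AFTER" || :
```

On a live system the same function can be fed the output of `iptables-save -t filter`.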