Hellon Thanks for your help, This dedicated box, is on my local network, but don't be a reuters, just a server, i have a hard reuters, with hard firewall integrate in this reuters. My question is not realy clear, i try again to explain it : I want block, all attack, and all flood or other shit related to the hackers, of my server, for this, i have only forward few ports on my hardware reuters, 80, 110, 25, 143, 21, 53, 443, 993, all others are blocked by the hardware firewall. Now i want prevent any thing would be attempt by using this ports. So i want create an firewall for prevent this, and authorise ALL traffic in the local network, but filtering the outgoing packets from the server, for not allow any other things that the things requested by the puters itself. I'm not sure to be clear if no, i can try again to explain it, but i'm not speaking english very well, that's not my main language. I'm a realy begginer to Iptables, and a novice to Linux. Ihe local network, but filtering the outgoing packets from the server, for not allow any other things that the things requested by the puters itself. I'm not sure to be clear if no, i can try again to explain it, but i'm not speaking english very well, that's not my main language. I'm a realy begginer to Iptables, and a novice to Linux. I'm listening ALL help ... :) and any help would be appreciated. Thanks in advance for any help from anyone :) Sincerely, Tanen. ---> -----Message d'origine----- ---> De : netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter- ---> admin@xxxxxxxxxxxxxxxxxxx] De la part de Antony Stone ---> Envoyé : jeudi 11 décembre 2003 12:23 ---> À : netfilter@xxxxxxxxxxxxxxxxxxx ---> Objet : Re: [IP ?] what ip must be filtered ? ---> ---> On Thursday 11 December 2003 8:58 am, Tanen wrote: ---> ---> > Hello, ---> > ---> > I'm confused, i try to set up my Firewall, with iptables sure :) ---> > The problem, an easy problem to solve for you, but a big for me, it's ---> the ---> > next : ---> > I have an Dedicated server, Linux, on an internal local network, who ---> have ---> > as ip 192.168.0.1, and other puters have 192.168.0.2 *.3 *.4 etc ... ---> BUT ---> > the dedicated box, use the reuters of my connection to be connected ---> to ---> > internet. This reuters have as ip 192.168.0.100, and my external ip ---> have as ---> > ip 63.*.*.*, my problem is to know, WHAT ip i must filter, to prevent ---> of ---> > any attack or hack, the reuters is forwarding the needed port (http, ---> > pop/imap/smpt) to the dedicated box. All work fine sure. But what IP ---> i must ---> > filtered, and authorised for have my firewall working fine ? actualy ---> when ---> > i'm filtering my local ip, or my external ip, my mail server, isn't ---> getting ---> > any mail from www, someone can help me please ? ---> ---> The simplest way to do what you want is not to think about IP addresses ---> so ---> much as which interface they're connected to. ---> ---> Let's assume that your firewall has 192.168.0.100 on eth0 (private, ---> internal) ---> and 63.x.y.z on eth1 (public, external) ---> ---> Then a good start to your ruleset would be: ---> ---> iptables -P FORWARD DROP ---> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT ---> iptables -A FORWARD -i eth1 -o eth0 -m state --state ---> ESTABLISHED,RELATED -j ---> ACCEPT ---> iptables -A POSTROUTING -t nat -o eth1 -j SNAT --to 63.x.y.z ---> ---> An improvement on the above rules would be to be more restrictive about ---> what ---> traffic you allow from internal clients to the Internet, however this ---> is a ---> start. ---> ---> If you don't understand anything about the above rules feel free to ask ---> again. ---> ---> Antony. ---> ---> -- ---> It is also possible that putting the birds in a laboratory setting ---> inadvertently renders them relatively incompetent. ---> ---> - Daniel C Dennet ---> ---> Please reply to ---> the list; ---> please don't ---> CC me. --->