> Fire wall with iptables two Ethernet for LAN and wan. I can
> do ssh from the fire wall but from the LAN workstations it is
> not possible. I use ssh client software for windows. do I
> need to set firewall ip and port at ssh client if so which port.
>
> $IPTABLES -A FORWARD -p tcp -s 192.168.145.23 -d
> **.***.***.*** --destination-port 22 -m state --state NEW -j ACCEPT

Is it your intention to let the Windows boxes connect to only 1 IP?

This rule only lets the initial connection through. Do you also have a rule like this one (which I would place [almost] at the top of your other rules):

    $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

And have you turned on IP forwarding?

    echo "1" > /proc/sys/net/ipv4/ip_forward

> This is the command. Do I need to put at the beginning of the
> forward table?

Unless some other rule is preventing you from reaching this one, no: you can but don't *need* to.

Gr,
Rob
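
Added example, not part of the original thread: a small check for the three pieces the reply asks about (IP forwarding, the NEW rule for port 22, and a RELATED,ESTABLISHED rule), run here against constructed `iptables -S FORWARD` output. The function names, the sample rulesets and the address 203.0.113.10 (standing in for the masked destination) are assumptions made for the example.

```shell
#!/bin/sh
# Constructed samples in `iptables -S FORWARD` format. 203.0.113.10 is a
# placeholder for the masked destination address in the thread.
NEW_RULE='-A FORWARD -s 192.168.145.23/32 -d 203.0.113.10/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT'
SAMPLE_AS_POSTED="-P FORWARD DROP
$NEW_RULE"
SAMPLE_WITH_REPLY_RULE="-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$NEW_RULE"

# has_rule RULES PATTERN: true if an appended FORWARD ACCEPT rule matches PATTERN.
has_rule() {
    printf '%s\n' "$1" | grep -E -- '^-A FORWARD .*-j ACCEPT$' | grep -Eq -- "$2"
}

# check_forward RULES IP_FORWARD
# Prints one line per missing piece; returns 0 only when all three are present.
check_forward() {
    rc=0
    if [ "$2" != "1" ]; then
        echo "MISSING: IP forwarding is off (/proc/sys/net/ipv4/ip_forward != 1)"
        rc=1
    fi
    if ! has_rule "$1" '--dport 22 .*--(state|ctstate) [A-Z,]*NEW'; then
        echo "MISSING: no FORWARD rule accepting NEW tcp/22 connections"
        rc=1
    fi
    # The posted rule matches only state NEW; later packets of the same
    # session, in both directions, need this rule to be forwarded.
    if ! has_rule "$1" '--(state|ctstate) [A-Z,]*ESTABLISHED'; then
        echo "MISSING: no FORWARD rule accepting ESTABLISHED traffic"
        rc=1
    fi
    return "$rc"
}

# Demo on the constructed samples.
check_forward "$SAMPLE_AS_POSTED" 0 || true
check_forward "$SAMPLE_WITH_REPLY_RULE" 1 && echo "OK: all three pieces present"

# On a live firewall (as root):
#   check_forward "$(iptables -S FORWARD)" "$(cat /proc/sys/net/ipv4/ip_forward)"
```

The check only confirms that the rules exist; as the reply notes, an earlier rule that drops the traffic first would still block the connection.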