On Mon, 2004-02-23 at 16:23, John Black wrote:
> Since I'm running separate servers for FTP, Mail, and Web, and using dnat to
> port forward to these machines. Do I need these ports open on the firewall?
<snip>

I am not an expert on the inward workings of iptables but I would assume that you do. The NAT targets will change the source and destination addresses but the packets (at least the first packet in the case of connection tracking) must traverse the FORWARD chain of the filter table. It will pass through that table with the real address so there must be a rule to allow access to the real address.

If someone tells you otherwise, listen to them :-)

--
Open Source Development Corporation
Financially Sustainable open source development
http://www.opensourcedevelopmentcorp.com
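
The rule pairing described in the reply above, as an added example that is not part of the original message: for each DNAT port forward there is a matching FORWARD rule written against the real (post-DNAT) address. The interface name, the 192.168.1.x addresses and the function names are assumptions made for illustration; the script only prints the commands.

```shell
#!/bin/sh
# Emit the iptables commands for DNAT port forwards: the nat rule that
# rewrites the destination, plus the filter/FORWARD rule that admits it.
# Nothing is applied here; pipe the output to "sh" as root to install it.
# WAN_IF and every address below are constructed sample values.
WAN_IF="${WAN_IF:-eth0}"

# forward_rules PROTO PUBLIC_PORT REAL_ADDR [REAL_PORT]
forward_rules() {
    proto=$1 pub_port=$2 real_addr=$3 real_port=${4:-$2}
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad proto: $proto" >&2; return 1 ;;
    esac
    # nat/PREROUTING runs before routing and rewrites the destination.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $pub_port -j DNAT --to-destination $real_addr:$real_port"
    # filter/FORWARD sees the packet after DNAT, so the match is on the
    # real address and port, not on the firewall's public address.
    echo "iptables -A FORWARD -i $WAN_IF -p $proto -d $real_addr --dport $real_port -m state --state NEW -j ACCEPT"
}

# Default-drop FORWARD plus the connection-tracking rule, so only the
# first packet of each connection needs an explicit per-service rule.
baseline_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed layout matching the question: separate FTP, mail and web hosts.
sample_ruleset() {
    baseline_rules
    forward_rules tcp 21 192.168.1.10
    forward_rules tcp 25 192.168.1.20
    forward_rules tcp 80 192.168.1.30
}

sample_ruleset
```

The firewall's own INPUT chain does not appear in the output: forwarded packets are admitted by the FORWARD rules alone.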