------Message Previous of Antony. >I see no rule in your ruleset allowing those packets through the >FORWARD chain >on your machine, therefore it won't pass them on to the client? > >Maybe I'm missing something because of the layout of the rules - if >you think >the appropriate FORWARDing rules are there, please post the >output of >"iptables -L -nvx; iptables -L -t nat -nvx; iptables -L -t mangle ->nvx" >because I find this an easier format to understand for such a long >ruleset. OK, Thanks you Antony... Linux:~# iptables -L -nvx Chain INPUT (policy DROP 29421 packets, 1718646 bytes) pkts bytes target prot opt in out source destination 101717 5292111 bad_tcp_packets tcp -- * * 0.0.0.0/0 0.0.0.0/0 6560 808679 ACCEPT all -- eth1 * 192.0.0.0/8 0.0.0.0/0 2 244 ACCEPT all -- lo * 127.0.0.1 0.0.0.0/0 0 0 ACCEPT all -- lo * 192.168.111.1 0.0.0.0/0 0 0 ACCEPT all -- lo * 200.xxx.xxx.xxx 0.0.0.0/0 3142 642016 ACCEPT all -- * * 0.0.0.0/0 200.xxx.xxx.xxx state RELATED,ESTABLISHED 24164 1124548 tcp_packets tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 4464 1114537 udp_packets udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 927 46338 icmp_packets icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 13005 809968 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT INPUT packet died: ' Chain FORWARD (policy DROP 11272 packets, 552279 bytes) pkts bytes target prot opt in out source destination 14218836 7001833881 bad_tcp_packets tcp -- * * 0.0.0.0/0 0.0.0.0/0 7966884 4793464646 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 6585552 2237493007 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 8688 425676 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT FORWARD packet died: ' Chain OUTPUT (policy DROP 2 packets, 128 bytes) pkts bytes target prot opt in out source destination 5192 230734 bad_tcp_packets tcp -- * * 0.0.0.0/0 0.0.0.0/0 2 244 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0 2127 454165 ACCEPT all -- * * 192.168.111.1 0.0.0.0/0 8965 590752 ACCEPT all -- * * 200.xxx.xxx.xxx 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT OUTPUT packet died: ' Chain allowed (3 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 Chain bad_tcp_packets (3 references) pkts bytes target prot opt in out source destination 4819 230860 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset 75974 5381480 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW LOG flags 0 level 4 prefix `New not syn:' 75974 5381480 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW Chain icmp_packets (1 references) pkts bytes target prot opt in out source destination 251 7920 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 54 3372 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 Chain tcp_packets (1 references) pkts bytes target prot opt in out source destination 0 0 allowed tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4661 0 0 allowed tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662 0 0 allowed tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711 Chain udp_packets (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2074 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4000 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4665 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4672 1774 609945 DROP udp -- eth0 * 0.0.0.0/0 255.255.255.255 udp dpts:67:68 Linux:~# --------------- ---------------- Linux:~# iptables -L -t nat -nvx Chain PREROUTING (policy ACCEPT 459191 packets, 27464157 bytes) pkts bytes target prot opt in out source destination 63 2809 DNAT tcp -- * * 0.0.0.0/0 200.xxx.xxx.xxx tcp dpt:4661 to:192.168.111.2:4661 11346 555376 DNAT tcp -- * * 0.0.0.0/0 200.xxx.xxx.xxx tcp dpt:4662 to:192.168.111.2:4662 0 0 DNAT udp -- * * 0.0.0.0/0 200.xxx.xxx.xxx udp dpt:4665 to:192.168.111.2:4665 0 0 DNAT udp -- * * 0.0.0.0/0 200.xxx.xxx.xxx udp dpt:4672 to:192.168.111.2:4672 Chain POSTROUTING (policy ACCEPT 1 packets, 208 bytes) pkts bytes target prot opt in out source destination 350137 19348610 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:200.xxx.xxx.xxx Chain OUTPUT (policy ACCEPT 1354 packets, 176307 bytes) pkts bytes target prot opt in out source destination Linux:~# ------------------ Linux:~# iptables -L -t mangle -nvx Chain PREROUTING (policy ACCEPT 14720036 packets, 7058043928 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 119262 packets, 7994213 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 14600748 packets, 7050048259 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 11528 packets, 1085092 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 14597456 packets, 7049102787 bytes) pkts bytes target prot opt in out source destination Linux:~# ----------------------- --------------------- And please, Antony, I don't have great iptables knowledge... you could tell me what rule should add and what rule should remove or to modify (and how... ) so that it works???? I thank you cordially your help Richard