On Sun, Jul 18, 2004 at 05:39:05PM +0100, Antony Stone wrote:
> This one:
> > > > $IPTABLES -A FORWARD -d 10.10.10.2 -p tcp --dport 25 -j ACCEPT

I have pasted my FORWARD rules at, (they are small and simple),
http://payal.staticky.com/fw1.txt

> > > > $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > > $IPTABLES -A FORWARD -s 192.168.0.0/16 -p tcp --dport 3128 -j ACCEPT
> > > > $IPTABLES -A FORWARD -s 192.168.0.0/16 -p tcp --dport 53 -j ACCEPT
> > > > $IPTABLES -A FORWARD -s 192.168.0.0/16 -p udp --dport 53 -j ACCEPT
>
> These rules do not say "but only to the Internet", therefore they allow
> packets to the DMZ as well.

It is still very confusing. Forget port 25 for a moment. I have never
mentioned port 10000, the webmin port at all. Still I can access it from
my LAN machine? HOW? After all the FORWARD policy is DROP. It should DROP
what it cannot find.
If I do a specific DROP like
$IPTABLES -A FORWARD -s 192.168.0.0/16 -p tcp --dport 10000 -j DROP
the packets are dropped, but not otherwise. What must be wrong?

With warm regards,
-Payal
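
The first-match evaluation behind the quoted point about destination-less rules, as an added example that is not part of the original message. It models only the five FORWARD rules quoted above (in quoted order, not the full ruleset at the linked URL) with policy DROP; the LAN host 192.168.1.10 and the outside address 203.0.113.5 are constructed sample values.

```python
"""First-match evaluation of the FORWARD rules quoted in the message."""
from ipaddress import ip_address, ip_network

# A key that is absent means the option was not given, so it matches anything.
RULES = [
    {"dst": "10.10.10.2", "proto": "tcp", "dport": 25},
    {"states": {"ESTABLISHED", "RELATED"}},
    {"src": "192.168.0.0/16", "proto": "tcp", "dport": 3128},
    {"src": "192.168.0.0/16", "proto": "tcp", "dport": 53},
    {"src": "192.168.0.0/16", "proto": "udp", "dport": 53},
]
POLICY = "DROP"  # applied only when no rule in the chain matches


def pkt(src, dst, proto, dport, state="NEW"):
    """Build a constructed test packet (state as conntrack would label it)."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "state": state}


def matches(rule, p):
    """True when every option present in the rule matches the packet."""
    if "src" in rule and ip_address(p["src"]) not in ip_network(rule["src"]):
        return False
    if "dst" in rule and ip_address(p["dst"]) not in ip_network(rule["dst"]):
        return False
    if "proto" in rule and p["proto"] != rule["proto"]:
        return False
    if "dport" in rule and p["dport"] != rule["dport"]:
        return False
    if "states" in rule and p["state"] not in rule["states"]:
        return False
    return True


def verdict(p):
    """Return (verdict, rule_number); rule_number None means the chain policy."""
    for number, rule in enumerate(RULES, 1):
        if matches(rule, p):
            return "ACCEPT", number  # every quoted rule has target ACCEPT
    return POLICY, None


if __name__ == "__main__":
    lan, dmz = "192.168.1.10", "10.10.10.2"
    for p in (pkt(lan, dmz, "tcp", 53), pkt(lan, "203.0.113.5", "udp", 53),
              pkt(lan, dmz, "tcp", 10000),
              pkt(lan, dmz, "tcp", 10000, "ESTABLISHED")):
        print(p, "->", verdict(p))
```

On a live firewall, `iptables -L FORWARD -v -n --line-numbers` shows per-rule packet counters, which identifies the rule a given flow is actually hitting.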