On Tuesday 20 July 2004 8:47 pm, Frédéric Gonzatti wrote:
> Hi all,
>
> I've got a firewall with three cards: eth0 (LAN), eth1 (DMZ) and eth2 (WAN).
> I'm trying to test port forwarding with iptables but it doesn't work!
> eth0: 172.168.2.1 (I'm not using this card now)
> eth1: 192.168.2.1/255.255.255.0
> eth2: 192.168.3.1/255.255.255.0
>
> On the DMZ I've put a computer (192.168.2.151/255.255.255.0) with sendmail.
> When I'm on this computer a telnet localhost 25 is working fine.
> I've connected a computer on eth2 with ip 192.168.3.2/255.255.255.0
> I would like to access the computer with sendmail when I do a
> telnet 192.168.3.1 but I've got a timeout response.
> What's wrong with this script?

I see nothing obvious wrong with your script; however, what do you get for the packet & byte counters from "iptables -L -nvx; iptables -L -t nat -nvx"?

That should tell you which rules are successfully matching packets, and which rules are seeing none.

You might want to try LOGging packets which reach the end of the INPUT and FORWARD chains, so you can see what's trying to get into or through the firewall and being blocked by the default DROP policies.

Does the sendmail system try to do ident lookups on incoming connections? Does it refuse a connection if there is no ident reply (since you do not allow idents into, or through, your firewall)?

I think a couple of LOGging rules, or a packet sniffer on eth1, will tell you what's going on.

Regards,

Antony.

--
Programming is a Dark Art, and it will always be. The programmer is fighting against the two most destructive forces in the universe: entropy and human stupidity. They're not things you can always overcome with a "methodology" or on a schedule.
 - Damian Conway, Perl God

Please reply to the list; please don't CC me.
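The counter check suggested in the reply, as an added example that is not part of the thread: two small shell/awk helpers that read the "iptables -L -nvx" listing and report rules that have never matched a packet and chains whose default DROP policy is discarding traffic. The listing below is a constructed sample modelled on the poster's interfaces and addresses, not real output from their firewall.

```shell
#!/bin/sh
# Constructed sample of "iptables -L -nvx" output (not real firewall output).
SAMPLE_LISTING='Chain INPUT (policy DROP 12 packets, 960 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      48     3840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            192.168.3.1          tcp dpt:25

Chain FORWARD (policy DROP 3 packets, 180 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  eth2   eth1    0.0.0.0/0            192.168.2.151        tcp dpt:25
       7      420 ACCEPT     all  --  eth1   eth2    192.168.2.0/24       0.0.0.0/0'

# Print "CHAIN target prot opt in out source destination [match]" for every
# rule whose packet counter is zero: these rules have not matched anything,
# so the traffic is either never arriving or is matched earlier/elsewhere.
unmatched_rules() {
    awk '
        /^Chain /          { chain = $2; next }   # remember the current chain
        /^ *pkts +bytes/   { next }               # skip the column header
        NF == 0            { next }               # skip blank separator lines
        $1 == 0 {
            line = chain
            for (i = 3; i <= NF; i++) line = line " " $i
            print line
        }'
}

# Print "CHAIN packets" for chains whose default policy is DROP and whose
# policy counter is non-zero: those packets fell off the end of the chain,
# which is exactly what a trailing LOG rule would show in the kernel log.
dropping_chains() {
    awk '/^Chain / && $4 == "DROP" && $5 > 0 { print $2, $5 }'
}

# On a live firewall:  iptables -L -nvx | unmatched_rules
#                      iptables -L -t nat -nvx | unmatched_rules
printf '%s\n' "$SAMPLE_LISTING" | unmatched_rules
printf '%s\n' "$SAMPLE_LISTING" | dropping_chains
```

Run the same two commands against the nat table listing as well, since the DNAT rule for port 25 lives there and a zero counter on it means the packets never reached PREROUTING with the expected destination.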