Hi Everyone,

I'm currently trying to do the following:

- we have a simple NAT running iptables 1.2.9 with about 20 hosts behind
- we have an outside SQL Server
- when people use their SQL Server clients, I see lots of TCP SYN on port 445 of this SQL Server

What I'd like to do is something like:

    $IPTABLES -A FORWARD -i $LAN_IFACE -p tcp --dport 445 --dst sql.se.rv.er -j REJECT --reject-with tcp-reset

My problem: the packet seems OK (iptables changes the source IP and port) and it is a TCP RST, but it is sent to the external interface, and my LAN hosts do not get the reply and must wait for a timeout to occur (since another firewall protects the SQL Server and drops TCP 445).

Is there any way to force an interface for the REJECT rule? Is there any configuration that could cause this to happen?

Thanks in advance,

Maxime Ducharme
Programmer / Network Security Specialist