Sorry, a little bit off topic, but I always go red about such kind of crappy rules:

> Use DNAT target. In short what you need to do is:
>
> iptables -A FORWARD -m state --state NEW -j ACCEPT

Do you know what you just did? You've just allowed any kind of connections, protocols to any port and from/to any destination. Cute, isn't it?

Remember, --state NEW never ever has meant, and I doubt it'll ever mean, that this is a TCP connection with only the SYN bit set. It could be everything: ACK, URG, PSH etc. So guess what, you just opened a wide hole in your so-called "firewall" machine. You better use --tcp-flags or the --syn alias for such purposes. --state NEW can be used for redundant firewalling for example, but for me it has no use.

Regards,
Dimitar

P.S. Why I go red? Because there're thousands of people who use it, and they learned it from someone like you.

--
"The only thing necessary for the triumph of evil is for good men to do nothing." --Edmund Burke.
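To make the distinction concrete, here is an added example (not code from the post or from netfilter) that models how the quoted rule and a --syn-qualified variant classify packets. It assumes a simplified conntrack table where, as with the kernel's default tcp_loose behaviour, any packet without an existing entry is classified NEW regardless of its TCP flags; the addresses and ports are constructed sample values.

```python
from dataclasses import dataclass

# Simplified model of iptables matching for the two FORWARD rule variants discussed
# in the post. This is NOT the kernel's code: conntrack is reduced to a set of
# (src, dst, dport) tuples, and a packet with no entry is classified NEW whatever
# flags it carries (the default nf_conntrack_tcp_loose=1 behaviour).

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: frozenset  # TCP flag names present, e.g. frozenset({"SYN"})

def conntrack_state(pkt, table):
    """Return 'ESTABLISHED' if the flow is already tracked, else 'NEW'."""
    return "ESTABLISHED" if (pkt.src, pkt.dst, pkt.dport) in table else "NEW"

def match_syn(pkt):
    """iptables --syn: SYN bit set and ACK, RST and FIN bits cleared."""
    return "SYN" in pkt.flags and not (pkt.flags & {"SYN", "ACK", "RST", "FIN"} - {"SYN"})

def weak_forward_policy(pkt, table):
    """Quoted ruleset: ESTABLISHED accepted, then '-m state --state NEW -j ACCEPT',
    chain policy DROP. Any untracked packet is accepted, flags ignored."""
    state = conntrack_state(pkt, table)
    if state == "ESTABLISHED" or state == "NEW":
        return "ACCEPT"
    return "DROP"

def hardened_forward_policy(pkt, table):
    """Variant with '-p tcp --syn -m state --state NEW -j ACCEPT' instead:
    an untracked packet is only accepted if it is a genuine connection opener."""
    state = conntrack_state(pkt, table)
    if state == "ESTABLISHED":
        return "ACCEPT"
    if state == "NEW" and match_syn(pkt):
        return "ACCEPT"
    return "DROP"

if __name__ == "__main__":
    table = set()  # constructed: nothing tracked yet
    for name, flags in (("SYN", {"SYN"}), ("bare ACK", {"ACK"}), ("ACK+PSH", {"ACK", "PSH"})):
        pkt = Packet("203.0.113.5", "192.0.2.10", 22, frozenset(flags))
        print(f"{name:9s} weak={weak_forward_policy(pkt, table)} "
              f"hardened={hardened_forward_policy(pkt, table)}")
```

Only the hardened variant rejects the bare-ACK and ACK+PSH packets that have no conntrack entry; both variants admit the SYN.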