"R. DuFresne" wrote:

> On Fri, 7 Jan 2005 edwardspl@xxxxxxxxxx wrote:
>
> > Jason Opperisano wrote:
> >
> > > > Sorry, what is useful about the following function ( command line ) ?
> > > >
> > > > > iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp --syn -d $SRV1 \
> > > > >   --dport 80 -j ACCEPT
> > >
> > > um--it allows the packet through the FORWARD chain of the filter table.
> > > remember--you're trying to build a firewall here.
> >
> > So, must I enable this kind of function for using the Firewall ?
> >
>
> unless the firewall(ed) system is a stand alone <no other systems on the
> network> then yes, if you wish to forward or pass traffic to the internet
> and the other systems. A stand alone box with a firewall can get by with
> just input and output rules.

Actually, there is only one machine for me to set up a system ( network ) for Internet...

So, I'm planning the following functions with a single machine :
Firewall + Internet Server ( eg : DNS, WWW, Mail, FTP behind Firewall ) + NAT ( for other PCs / Clients to connect to the Internet ).

PS : There are TWO network interfaces on the single machine ( I think one port connects to the leased line / broadband, the other port to a HUB for the other Clients ).

Is there a sample NAT script for using the multi-functions ?

Edward.
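
The INPUT versus FORWARD distinction discussed in this thread, applied to a single dual-homed box, as an added example that is not part of the original posts. The interface names, LAN subnet and port list are constructed assumptions, and the function only prints a ruleset in `iptables-restore` format so it can be reviewed before loading.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, the LAN subnet and the
# port list are assumptions; the UDP 53 rule assumes the DNS server named above.
# Forwarding must also be enabled in the kernel: sysctl -w net.ipv4.ip_forward=1

# gen_rules EXT_IF INT_IF INT_NET TCP_PORTS  (TCP_PORTS is comma-separated)
gen_rules() {
    if [ $# -ne 4 ] || [ "$1" = "$2" ]; then
        echo "usage: gen_rules EXT_IF INT_IF INT_NET TCP_PORTS" >&2
        return 1
    fi
    ext_if=$1 int_if=$2 int_net=$3 tcp_ports=$4
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# LAN clients leave with the firewall's external address
-A POSTROUTING -s $int_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Services run on this box itself, so they are opened in INPUT, not FORWARD
-A INPUT -i $ext_if -p tcp --syn -m multiport --dports $tcp_ports -j ACCEPT
-A INPUT -i $ext_if -p udp --dport 53 -j ACCEPT
# LAN clients may reach the box's own services
-A INPUT -i $int_if -s $int_net -j ACCEPT
# FORWARD carries only LAN-initiated traffic out, plus its replies
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for a constructed setup; review it, then load it as root
# with:  gen_rules eth0 eth1 192.168.1.0/24 21,25,53,80 | iptables-restore
gen_rules eth0 eth1 192.168.1.0/24 21,25,53,80
```

With both INPUT and FORWARD defaulting to DROP, nothing arriving on the external interface is forwarded to the LAN unless it belongs to a connection a client opened.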