> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jason Opperisano
> Sent: Friday, January 14, 2005 9:28 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: FTP Forwarding
>
> On Fri, 2005-01-14 at 06:38, Deepak Seshadri wrote:
> > iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -s $PublicIPAdd -d 202.147.167.99 \
> > --dport 21 -j DNAT --to-destination 192.168.0.5
>
> personally--i don't believe in filtering in NAT. nat in NAT, and filter
> in FILTER; that's why they're there. it makes the rule set much easier
> to troubleshoot, and it saves you time a year from now when you look at
> your rules and can't figure out why you can't FTP to that server from
> some random IP address, since the FILTER rule is wide open.
>

Hmm .... thank you for clarifying.

> -j

Deepak
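
The split Jason describes in the thread above, sketched as an added example that is not part of either poster's rule set: the DNAT rule carries no source match, the source restriction moves to FORWARD, and a small audit flags nat-table rules that still filter by source. Assumptions: the function names are hypothetical, `eth0` and `198.51.100.7` are constructed stand-ins for `$EXT_IF` and `$PublicIPAdd`, and the FORWARD policy of DROP and the `conntrack` match are choices made here.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that keeps translation in
# the nat table and the source restriction in the filter table.

build_ruleset() {
    ext_if=$1 public_ip=$2 server_ip=$3 allowed_src=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# NAT only: translate FTP control connections sent to the public address.
-A PREROUTING -i $ext_if -p tcp -d $public_ip --dport 21 -j DNAT --to-destination $server_ip
COMMIT
*filter
:FORWARD DROP [0:0]
# Replies, plus FTP data connections when the conntrack FTP helper is in use.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Filtering only: FORWARD runs after DNAT, so match the translated address.
-A FORWARD -i $ext_if -p tcp -s $allowed_src -d $server_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Audit: read iptables-save format on stdin and print every nat-table rule
# that also matches on source address (filtering done in NAT).
nat_rules_with_source_match() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "nat" && /^-A / {
            for (i = 1; i <= NF; i++)
                if ($i == "-s" || $i == "--source") { print; break }
        }'
}

# Constructed sample values; the two addresses from the thread are kept.
build_ruleset eth0 202.147.167.99 192.168.0.5 198.51.100.7
```

The FORWARD rule matches `-d 192.168.0.5` rather than the public address because the destination has already been rewritten by the time the packet reaches the filter table.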