On Mon, 2005-01-17 at 02:31, TestMail wrote:
> I'm sorry but I think this rule will not be the solution to my problem cause
> my ftp server is inside my internal network and automatically my gateway
> will "only" be the source from the -s $PublicIPAdd Forward rule parameter...
> I think???

either you or I misunderstand what $PublicIPAdd stands for.

> Below is my schematic on how I want it to be ..
> 1. only 202...1 ip address in my branch office should be allowed to use
>    my ftp server in my head office
>
> so incoming ftp request should be filtered and only 202....1 ip
> address that is coming from my branch office should be allowed.
>
> | Branch | eth0 202. .1 < external
> |
> |
> | WAN |
> |
> |
> |gateway:firewall:FCore2| eth0 192.168... < internal <<<<<<
> |                         eth1 202........ <external
> |
> |
> |Ftp Server:FCore2| eth0 192.168.0.5 < Internal

now that you've provided some more details:

    iptables -A FORWARD -i eth1 -o eth0 -p tcp --syn \
        -s 202.x.x.1 -d 192.168.0.5 --dport 21 -j ACCEPT

-j

--
"To alcohol: the cause of, and solution to, all of life's problems."
                --The Simpsons
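
Added example, not part of the original message: a shell helper that prints (without applying) the single-source FTP rule from the reply together with the companion FORWARD rules it relies on. It assumes no ESTABLISHED,RELATED rule exists yet and that the FTP conntrack helper is loaded; the function names, the LOG/DROP rules and the branch address 203.0.113.1 are constructed for illustration.

```shell
#!/bin/sh
# Prints a FORWARD rule set; review the output before running it as root.
# eth1/eth0 and 192.168.0.5 come from the thread, the rest is assumed.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ftp_forward_rules BRANCH_IP FTP_IP [WAN_IF] [LAN_IF]
ftp_forward_rules() {
    branch=$1 server=$2 wan=${3:-eth1} lan=${4:-eth0}
    is_ipv4 "$branch" && is_ipv4 "$server" || {
        echo "ftp_forward_rules: need two literal IPv4 addresses" >&2
        return 1
    }
    # The --syn rule admits only the first packet of a connection, so
    # replies and FTP data channels (RELATED via the FTP conntrack helper)
    # need a stateful accept ahead of it.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The rule from the reply: new control connections from the branch only.
    echo "iptables -A FORWARD -i $wan -o $lan -p tcp --syn -s $branch -d $server --dport 21 -j ACCEPT"
    # Every other source reaching the FTP control port is logged, then dropped.
    echo "iptables -A FORWARD -i $wan -o $lan -p tcp -d $server --dport 21 -j LOG --log-prefix \"ftp-denied: \""
    echo "iptables -A FORWARD -i $wan -o $lan -p tcp -d $server --dport 21 -j DROP"
}

# Constructed sample input: 203.0.113.1 stands in for the branch office.
ftp_forward_rules 203.0.113.1 192.168.0.5
```

The address check rejects a placeholder such as 202.x.x.1, so an unfilled template cannot produce a rule set.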