> Hello, > My server is on FC3 (fedora3) > eth0 is WAN ---> DSL router ----> ISP > eth1 is LAN Not sure I understand the ASCII art : is your server the DSL router ? > I would like to that 2 client 192.168.0.253 and 192.168.0.248 > are connected to " fedora3 server " > via NAT. So that they can do "anything" ? > And all other clients connected to "fedora3 server" > are able to only send / recieve mail. > > Howto do that Something like : $IPT -P FORWARD DROP $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT $IPT -A FORWARD -i eth1 -o eth0 -s 192.168.0.248 -j ACCEPT $IPT -A FORWARD -i eth1 -o eth0 -s 192.168.0.253 -j ACCEPT $IPT -A FORWARD -i eth1 -o eth0 -p tcp --dport 25 -j ACCEPT $IPT -A FORWARD -i eth1 -o eth0 -p tcp --dport 110 -j ACCEPT $IPT -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT \ --to-source <inet_ip> Maybe Oscars IPTables tutorial is something useful : http://iptables-tutorial.frozentux.net/iptables-tutorial.html Gr, Rob
