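Dear list, May I run the following past you to see if I have any stupid errors or if you have some good advice? (it's very rough with no comments) Thanks:

#!/usr/bin/env bash
#
# Gateway firewall script. It masquerades the 192.168.14.0/24 LAN out of ppp0,
# accepts a fixed list of outbound TCP services in FORWARD, redirects outbound
# port-80 traffic arriving on eth0 to local port 3128, and accepts IPsec/VPN
# and internal-subnet traffic on INPUT.
#
# NOTE(review): no chain policy is set anywhere in this script, and --flush
# does not reset policies. If the policies are still the default ACCEPT, the
# FORWARD accepts below do not restrict anything, and the final INPUT rule only
# stops new inbound TCP connections (UDP and ICMP are still accepted). A
# default-drop policy would additionally need a rule accepting
# ESTABLISHED,RELATED traffic so that replies to forwarded connections are
# let back in. Confirm the intended policy before relying on this rule set.

set -u

readonly lan="192.168.14.0/24"

# Run iptables with the given arguments. A function keeps every argument a
# separate word instead of relying on word-splitting of a command string.
ipt() {
  /usr/bin/env iptables "$@"
}

# Start from empty filter and nat tables: drop all rules, then all user chains.
ipt --flush
ipt --table nat --flush
ipt --delete-chain
ipt --table nat --delete-chain

# Source-NAT everything from the LAN that leaves through the PPP link.
ipt --table nat --append POSTROUTING -s "$lan" --out-interface ppp0 -j MASQUERADE

# Outbound TCP services the LAN may reach on non-LAN destinations, in the
# original rule order: HTTPS, POP3, SMTP, SSH, 1863, FTP control, FTP data.
# The posted POP3 (110) rule read "192..168.14.0/24", which is not a valid
# address, so that rule would have failed to load; it now uses the LAN prefix
# like its neighbours.
# NOTE(review): recent iptables releases prefer "! -d addr" over "-d ! addr";
# the original form is kept here unchanged.
# NOTE(review): the port 20 rule matches connections the LAN opens to port 20.
# Active-mode FTP data connections are opened by the server from its port 20,
# which this rule does not match.
for port in 443 110 25 22 1863 21 20; do
  ipt -A FORWARD -p tcp -s "$lan" -d ! "$lan" --dport "$port" -j ACCEPT
done

# Transparently redirect outbound web traffic from eth0 to local port 3128
# (presumably a proxy listening on this host -- confirm).
ipt --table nat --append PREROUTING -i eth0 -p tcp -d ! "$lan" --dport 80 \
  -j REDIRECT --to-port 3128

# IP Sec Connects and VPN
# NOTE(review): the subnet rules below match on source address alone, on any
# interface, so a packet arriving on ppp0 with a forged internal source address
# would match them too. Adding "-i <internal interface>" would pin them down;
# confirm which interface carries each subnet.
ipt -A INPUT -p all -s 192.168.0.0/24 -j ACCEPT

# IKE key exchange (UDP 500) and ESP (IP protocol 50), both directions.
ipt -A INPUT -p udp --dport 500 -j ACCEPT
ipt -A OUTPUT -p udp --dport 500 -j ACCEPT
ipt -A INPUT -p 50 -j ACCEPT
ipt -A OUTPUT -p 50 -j ACCEPT

# NOTE(review): IKE runs over UDP; this TCP 500 accept is probably
# unnecessary -- confirm and remove if nothing depends on it.
ipt -A INPUT -p tcp --dport 500 -j ACCEPT

# Internal subnets 192.168.14.0/24 through 192.168.17.0/24.
for net in 14 15 16 17; do
  ipt -A INPUT -p all -s "192.168.${net}.0/24" -j ACCEPT
done

# Loopback, matched by source address.
# NOTE(review): the loopback range is 127.0.0.0/8, and the second rule is
# already covered by the first; matching on "-i lo" is the usual way to accept
# loopback traffic.
ipt -A INPUT -p all -s 127.0.0.0/24 -j ACCEPT
ipt -A INPUT -p all -s 127.0.0.1 -j ACCEPT

# SSH to this host from the PPP side, and everything arriving over the tunnel.
ipt -A INPUT -p tcp -i ppp0 --dport 22 -j ACCEPT
ipt -A INPUT -p all -i ipsec0 -j ACCEPT

# Refuse any other new inbound TCP connection. Only SYN packets are dropped
# here; other protocols fall through to the chain policy.
ipt -A INPUT -p tcp --syn -j DROP

Thanks again.

--
Kind Regards,
Gavin Henry.
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/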