it does not work, please help

Guido Lorenzutti <guido@xxxxxxxxxxxxxxxxx> wrote:

Mohamed Nassih wrote:
> Hi,
>
> I have this firewall script, the problem is that I cannot connect to the webserver (123.45.67.2) from the local network (192.168.1.0).
>
> Please help.

maybe if you...

echo 1 > /proc/sys/net/ipv4/ip_forward

and not

echo 1 > /proc/sys/net(((( ))))/ipv4/ip_forward

>
> echo 1 > /proc/sys/net /ipv4/ip_forward
> IPTABLES -F INPUT
> IPTABLES -F OUTPUT
> IPTABLES -F FORWARD

you could...

iptables -F

instead of the three rules from above...

> IPTABLES -P INPUT DROP
> IPTABLES -P OUTPUT DROP
> IPTABLES -P FORWARD DROP
> Iptables -A INPUT -i lo -j ACCEPT
> Iptables -A OUTPUT -o lo -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
> iptables -A FORWARD -i eth1 -p tcp -d 123.45.67.2 --destination-port 80 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -p tcp -i eth0 --source-port 80 -m state --state ESTABLISHED -j ACCEPT
>

It would be more readable if you....

iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -d 123.45.67.2 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s 123.45.67.2 -m state --state ESTABLISHED -j ACCEPT

Check if eth0 = wan and eth1 = lan.

PS: sorry for my English, I never studied it.
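
Added example, not part of the original thread: a small Python check for two things the reply touches on, an option whose leading dash was replaced by another character on the way through a mail client or word processor, and a FORWARD rule admitting NEW connections without a reply rule mirrored on interface, address and port as in the rewritten pair. It assumes every option takes exactly one value, which holds for the rules quoted here; the function names and the ASKED sample (the original pair with plain dashes) are constructed for illustration.

```python
import shlex

# Long option spellings normalised to the short ones used in the reply.
ALIASES = {"--destination-port": "--dport", "--source-port": "--sport"}

def parse_forward_rule(line):
    """Return {option: value} for an 'iptables -A FORWARD ...' line, None for other lines."""
    tok = shlex.split(line)
    if tok[:3] != ["iptables", "-A", "FORWARD"]:
        return None
    if len(tok) % 2 == 0:  # assumption: each option is followed by exactly one value
        raise ValueError("option without a value")
    rule = {}
    for opt, val in zip(tok[3::2], tok[4::2]):
        if not opt.startswith("-"):
            raise ValueError(f"not an option: {opt!r} (mangled dash?)")
        rule[ALIASES.get(opt, opt)] = val
    return rule

def unmirrored(rules):
    """Rules admitting NEW traffic that lack an exactly mirrored ESTABLISHED-only reply rule."""
    found = []
    for r in rules:
        if "NEW" not in r.get("--state", "").split(","):
            continue
        want = {"-i": r.get("-o"), "-o": r.get("-i"), "-p": r.get("-p"), "-s": r.get("-d"),
                "--sport": r.get("--dport"), "--state": "ESTABLISHED", "-j": "ACCEPT"}
        if not any(all(c.get(k) == v for k, v in want.items()) for c in rules):
            found.append(r)
    return found

def check(script):
    """Return (parse_errors, unmirrored_rules) for firewall script text."""
    rules, errors = [], []
    for n, line in enumerate(script.splitlines(), 1):
        try:
            rule = parse_forward_rule(line)
        except ValueError as exc:
            errors.append((n, str(exc)))
            continue
        if rule is not None:
            rules.append(rule)
    return errors, unmirrored(rules)

# REPLY: the two rules from the reply. ASKED: constructed sample, the asker's pair with plain dashes.
REPLY = ("iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -d 123.45.67.2 -m state --state NEW,ESTABLISHED -j ACCEPT\n"
         "iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s 123.45.67.2 -m state --state ESTABLISHED -j ACCEPT\n")
ASKED = ("iptables -A FORWARD -i eth1 -p tcp -d 123.45.67.2 --destination-port 80 -m state --state NEW,ESTABLISHED -j ACCEPT\n"
         "iptables -A FORWARD -p tcp -i eth0 --source-port 80 -m state --state ESTABLISHED -j ACCEPT\n")

if __name__ == "__main__":
    for name, text in (("reply", REPLY), ("asked", ASKED)):
        print(name, check(text))
```

The ASKED pair is reported because its reply rule accepts established TCP traffic with source port 80 from any address arriving on eth0, rather than only from 123.45.67.2 towards eth1.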