On Thursday 23 June 2005 06:50, radu wrote:
> why I'm receiving on my PC packages with external ip on
> 4690,4544,4581.. ports???

That would be me. I was trying to lure you into posting something on
this list. ;)

> Internet -> linux box -> My PC(192.168.50.101)
>
> linux box
> eth0 local 192.168.50.0/24
> eth1 Internet
>
> my iptables config:
>
> iptables -P FORWARD DROP

good

> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 4662 -j DNAT
> --to 192.168.50.101

4662/tcp packets arriving at the external interface should have their
destination changed to Radu's computer ...

> iptables -I FORWARD -d 192.168.50.101 -p tcp
> --dport 4662 -j ACCEPT

... and those packets should be accepted.

> iptables -I FORWARD -i eth1 -o eth0 -m state
> --state ESTABLISHED,RELATED -j ACCEPT

Any replies to established or related connections arriving at the
external interface, destined to the internal interface, should be
accepted. This is surely the rule letting those in. Check the
connection tracking table when you see them come in.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
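
Added example, not part of the original message: one way to do the connection tracking check suggested above, by asking which tracked flow delivers packets to a given port on 192.168.50.101. The function names, the sample entries, the gateway public address 198.51.100.2 and the 203.0.113.x peers are constructed assumptions; the three ports are the ones from the question.

```shell
#!/bin/sh
# Constructed sample in `conntrack -L` / /proc/net/ip_conntrack layout.
# 198.51.100.2 (gateway public address) and 203.0.113.x are assumptions.
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.50.101 dst=203.0.113.7 sport=4690 dport=4662 src=203.0.113.7 dst=198.51.100.2 sport=4662 dport=4690 [ASSURED] use=1
tcp      6 431877 ESTABLISHED src=203.0.113.9 dst=198.51.100.2 sport=51234 dport=4662 src=192.168.50.101 dst=203.0.113.9 sport=4662 dport=51234 [ASSURED] use=1
udp      17 25 src=192.168.50.101 dst=203.0.113.53 sport=4544 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=4544 use=1
tcp      6 110 SYN_SENT src=192.168.50.101 dst=203.0.113.8 sport=4581 dport=4662 [UNREPLIED] src=203.0.113.8 dst=198.51.100.2 sport=4662 dport=4581 use=1
EOF
}

# explain_port INTERNAL_HOST PORT < listing
# Prints "PORT PROTO STATE ORIGIN REMOTE" for each tracked flow that delivers
# packets to INTERNAL_HOST:PORT. The first src/dst/sport/dport set on a line
# is the original direction, the second is the expected reply direction.
explain_port() {
  awk -v host="$1" -v port="$2" '
  {
    split("", c); split("", t); state = "-"
    for (i = 4; i <= NF; i++) {
      if ($i ~ /^[A-Z_]+$/) state = $i          # TCP state, absent for UDP
      if (split($i, kv, "=") == 2) {
        p = (c[kv[1]]++ ? "r_" : "o_")          # o_ = original, r_ = reply
        t[p kv[1]] = kv[2]
      }
    }
    # initiated-inside: the PC opened the flow from this port, so packets
    # coming back are replies admitted by the ESTABLISHED,RELATED rule.
    # initiated-outside: a remote host opened it and DNAT sent it to the PC.
    if (t["o_src"] == host && t["o_sport"] == port)
      print port, $1, state, "initiated-inside", t["o_dst"] ":" t["o_dport"]
    else if (t["r_src"] == host && t["r_sport"] == port)
      print port, $1, state, "initiated-outside", t["o_src"] ":" t["o_sport"]
  }'
}

# Ports from the question, checked against the constructed sample.
for p in 4690 4544 4581; do
  sample_conntrack | explain_port 192.168.50.101 "$p"
done
```

On the gateway itself, feed the function the live table (for example the output of `conntrack -L`) instead of `sample_conntrack`, at the moment the packets are seen.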