Morales Carlos wrote:

>Hello. I have a firewall blocking all the traffic from the Internet to my local network, but I need to let an external host (extHOST) access port 8888 (for example) of an internal host (intHOST). Is this correct? The external LAN adapter is eth1.
>
> /sbin/iptables -t nat -A PORTFW -p tcp -i eth1 -s extHOST --dport 8888 -j DNAT --to-destination intHOST:8888
>
>Thanks, please email me at cmmorales@xxxxxxxx
>Carlos

As long as there is a jump to PORTFW in the PREROUTING chain of the nat table, it is OK.

What you need is a DNAT in the nat table PREROUTING chain, and a rule to allow traffic to the DNATted dst port 8888 in the filter table FORWARD chain.

Bye
Francesco
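
The conditions named in the reply above can be checked against `iptables-save` output. The following is an added example, not part of the original thread: the function name `check_portfw`, the sample rulesets and their addresses (203.0.113.10, 192.168.1.20) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Audits `iptables-save` output for the
# conditions named in the reply. Simplification: the FORWARD rule must name
# the port with --dport; a broader ACCEPT rule is not recognised.

check_portfw() {    # usage: iptables-save | check_portfw CHAIN PORT
    awk -v chain="$1" -v port="$2" '
        /^\*/ { table = substr($0, 2) }            # "*nat", "*filter", ...
        $1 != "-A" { next }
        { hasport = index($0 " ", "--dport " port " ") }
        table == "nat" && $2 == chain && hasport && /-j DNAT/ { dnat = 1 }
        table == "nat" && $2 == "PREROUTING" && $0 ~ ("-j " chain "( |$)") { jump = 1 }
        table == "filter" && $2 == "FORWARD" && hasport && /-j ACCEPT/ { fwd = 1 }
        END {
            if (!dnat) print "missing: DNAT rule for port " port " in nat chain " chain
            if (!jump) print "missing: jump from nat PREROUTING to " chain
            if (!fwd)  print "missing: filter FORWARD ACCEPT for port " port
            exit !(dnat && jump && fwd)
        }'
}

# Constructed sample ruleset (RFC 5737 / RFC 1918 addresses), not from the thread.
sample_ok() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:PORTFW - [0:0]
-A PREROUTING -i eth1 -j PORTFW
-A PORTFW -s 203.0.113.10/32 -i eth1 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 192.168.1.20:8888
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 203.0.113.10/32 -d 192.168.1.20/32 -i eth1 -p tcp -m tcp --dport 8888 -j ACCEPT
COMMIT
EOF
}

# Same ruleset with the PREROUTING jump removed: PORTFW is never traversed.
sample_no_jump() { sample_ok | grep -v -- '-j PORTFW'; }

# Demo: reports the missing jump for the broken sample.
sample_no_jump | check_portfw PORTFW 8888 || true
```

On a live firewall the same check is `iptables-save | check_portfw PORTFW 8888`, run as root.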