I have a machine that I'm using as a firewall, separating WAN / LAN / DMZ. Rules thus far are to NAT all outgoing packets that come in from the LAN interface.

From the machine itself, I can ping machines on my DMZ interface (eth2) and my LAN interface (eth0). I'm having trouble getting through the firewall to my DMZ machines, but I can access the NIC that routes to the DMZ machine via SSH... I've tried various forwarding rules, and even changed the default FORWARD policy to ACCEPT anything. Here is a basic rule I'm trying:

#eth1 = WAN NIC
#eth2 = DMZ NIC
iptables -A FORWARD -i eth1 -o eth2 -d xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT

Now, if I do a netstat on the firewall: nothing... If I do a netstat on the machine I'm attempting to connect from... all I see is SYN_SENT.

**I'm trying from external machines, i.e. machines not on my network.

The physical network is:

router -> vlan -> firewall -> DMZ
router -> vlan -> firewall -> LAN

I can also access the DMZ machine via the firewall itself and vice versa, but once logged into the DMZ machine, I can't get to anything past the firewall. I have the following rules for that:

iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT

Kinda confused here... the LAN stuff works... at least for now... to simply forward the packets out through the WAN NIC and NAT them... *shrug*
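An added example (not from the original post) of the rule set that makes inbound SSH from the WAN reach a DMZ host: a FORWARD rule alone never matches a SYN addressed to the firewall's own public IP, because a locally-addressed packet goes to INPUT, not FORWARD, so the destination has to be rewritten in nat PREROUTING first. The interface names eth1/eth2 are the post's; the addresses 198.51.100.10 (firewall WAN IP) and 10.0.2.10 (DMZ host) are constructed placeholders, and DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the original poster's configuration.
# Assumptions (placeholders): WAN_IF=eth1 and DMZ_IF=eth2 as in the post,
# WAN_IP is the firewall's public address, DMZ_HOST the DMZ machine's
# private address. DRY_RUN=1 prints the rules rather than applying them.
WAN_IF=${WAN_IF:-eth1}
DMZ_IF=${DMZ_IF:-eth2}
WAN_IP=${WAN_IP:-198.51.100.10}
DMZ_HOST=${DMZ_HOST:-10.0.2.10}
DRY_RUN=${DRY_RUN:-1}

# Wrapper: echo the iptables command in dry-run mode, otherwise run it.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

dmz_ssh_rules() {
    # 1. The kernel must be allowed to route between interfaces at all.
    [ "$DRY_RUN" = 1 ] || sysctl -w net.ipv4.ip_forward=1 >/dev/null
    # 2. Rewrite the destination before routing: a SYN arriving on the WAN
    #    NIC for the firewall's public IP, port 22, is sent to the DMZ host.
    #    Without this the packet is for a local address and lands in INPUT.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p tcp --dport 22 \
        -j DNAT --to-destination "$DMZ_HOST:22"
    # 3. FORWARD sees the post-DNAT destination (the DMZ host), so the
    #    -d match must name the DMZ host, not the public IP. Only new
    #    connections to port 22 are admitted from the WAN side.
    ipt -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$DMZ_HOST" -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT
    # 4. Replies and any already-established flows pass in either direction.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 5. Traffic the DMZ host originates (the post's eth2 -> eth1 rule) is
    #    masqueraded behind the WAN address, exactly like the LAN's traffic.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

dmz_ssh_rules
```

Run with DRY_RUN=0 as root to apply; with the default DRY_RUN=1 it only prints the four iptables commands for review.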