On Mon, November 14, 2005 20:49, fernando wrote:

*DON'T* do this:

> # Setting nat policies to drop:
>
> for TABLES in PREROUTING POSTROUTING OUTPUT
> do
> $IPTABLES -t nat -P $TABLES DROP
> done
>
> # Setting mangle policies to drop:
>
> for TABLES in INPUT PREROUTING POSTROUTING FORWARD OUTPUT
> do
> $IPTABLES -t mangle -P $TABLES DROP
> done

"Filtering" is done in the "filter" table; it is considered "bad practice" to use other tables, and if you're not sure about what you're doing you may get unexpected results. Please read up on the subject in the archives.

You must have read /dev/rob0's post that the nat and mangle rules were a "horrible abuse". I suppose he meant this.

I didn't check the rest of your script. It could be it still doesn't work if you delete the above, but it may as well.

Personally, I think you had better start with a simple script (this one contains rules normally not needed in forwarding) and add rules you think you need when you've got things working.

Gr,
Rob
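A way to check a loaded ruleset for the mistake discussed above, as an added example that is not part of the original post: it reads `iptables-save` output and lists every built-in chain outside the filter table whose policy is not ACCEPT. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Audit iptables-save output for non-ACCEPT policies outside the filter table.
# Function names are hypothetical; they are not part of iptables.

# Reads iptables-save format on stdin, prints "table chain policy" per finding.
nonfilter_policy_findings() {
    awk '
        /^\*/     { table = substr($1, 2); next }   # "*nat" opens a table section
        /^COMMIT/ { table = ""; next }              # end of the current table
        /^:/ && table != "" && table != "filter" {
            chain  = substr($1, 2)                  # ":PREROUTING" -> "PREROUTING"
            policy = $2
            # User-defined chains carry "-" instead of a policy; skip them.
            if (policy != "-" && policy != "ACCEPT")
                print table, chain, policy
        }
    '
}

# Constructed sample in iptables-save format, mimicking the quoted loops in part.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING DROP [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT DROP [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:MARKING - [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on a live host: iptables-save | nonfilter_policy_findings
sample_ruleset | nonfilter_policy_findings
```

DROP policies in the filter table are not reported, since that is where the default-deny belongs.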