On Sun, Nov 20, 2005 at 02:13:03PM -0500, Adam Rosi-Kessel wrote:
> iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR 1024:65535 \
>   --source-port 80 --destination-port "1024:65535" -j ACCEPT

Oops, that should have been:

iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR \
  --source-port 80 --destination-port "1024:65535" -j ACCEPT

I should also mention that I already have an OUTPUT matching rule to
ACCEPT all packets that are established and related. So it would seem
that the additional rule above should be unnecessary, right? But then
why am I seeing dropped OUTPUT packets with SPT=80 and DPT=>1024?

-- 
Adam Rosi-Kessel
http://adam.rosi-kessel.org