On 2/22/06, Chinh Nguyen <cnguyen@xxxxxxxxxxxx> wrote:
>
> Daniel Nogradi wrote:
> > Anyway, what I have tried is:
> >
> > # make sure we start from zero
> >
> > iptables --flush
> > iptables -t nat --flush
> > iptables --delete-chain
> > iptables -t nat --delete-chain
> >
> > # set up masquerading from LAN to modem which is hooked up on eth0
> >
> > iptables -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE
> >
> > # allow forwarding from LAN which is hooked up on eth1
> >
> > iptables -A FORWARD --in-interface eth1 -j ACCEPT
>
> I think that when you have a rule like this, you need the converse, i.e.,
> iptables -A FORWARD --in-interface eth0 -j ACCEPT
> If you want restrictions such that connections are initiated from B only, you
> could restrict the inbound forward.
>
> iptables -A FORWARD --in-interface eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Hi Chinh,

I tried interchanging eth0 and eth1 and still no luck. I didn't want
to restrict the source yet, because I first would like to see that it
works at all, and then start tightening security. /var/log/messages
also says nothing. Is there any other log file which would be useful
to check?
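
An added example, not part of the thread: the quoted rules with the return direction restricted to ESTABLISHED,RELATED, plus read-only checks for a setup that forwards nothing. iptables writes to the kernel log only for packets that hit a LOG rule, and the kernel routes between interfaces only when `net.ipv4.ip_forward` is 1. The names `WAN`, `LAN`, `IPT`, the function names and the log prefix are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Interface roles follow the quoted
# rules: eth0 = modem side, eth1 = LAN side. Commands are only printed by
# default; set IPT=iptables and run as root to apply them.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
IPT="${IPT:-echo iptables}"

# Returns 0 only if the kernel is set to route packets between interfaces.
# The path is a parameter so the check can be exercised against a test file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# NAT plus FORWARD rules for both directions, with a LOG rule last so that
# any forwarded packet not accepted above leaves a line in the kernel log.
nat_rules() {
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -j LOG --log-prefix "FWD-unmatched: "
}

# Read-only checks: the forwarding switch, then per-rule packet counters.
# A rule whose counter stays at zero is never seeing the traffic.
diagnose() {
    if forwarding_enabled "${1:-}"; then
        echo "ip_forward: on"
    else
        echo "ip_forward: off (enable with: sysctl -w net.ipv4.ip_forward=1)"
    fi
    $IPT -L FORWARD -v -n
    $IPT -t nat -L POSTROUTING -v -n
}

# Usage: script.sh rules | script.sh diagnose
case "${1:-}" in
    rules)    nat_rules ;;
    diagnose) diagnose ;;
esac
```

With the LOG rule in place, unmatched forwarded packets show up in `dmesg` and wherever syslog writes kernel messages.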