> Hello!
>
> I have a network with an iptables-based firewall/proxy.
> Behind the proxy is a machine running Postgres. Recently, many
> changes were made to the installation.
>
> Connecting to the Postgres DB works from within the network, but not
> from without.

From "the outside", I guess.. Without a network it'll be hard to get it working. ;-)

> I've run out of ideas for tracking down the error...
>
> Could anybody kindly pass on some wise advice?
>
>
> firewall iptables (in port number edited):
>
> *nat
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A PREROUTING -p tcp --dport ##INPORT## -j DNAT --to 192.168.2.10:5432
> -A PREROUTING -p udp --dport ##INPORT## -j DNAT --to 192.168.2.10:5432
> -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT

These are only NAT rules. What about the FORWARD rules?

> db machine iptables:
>
> *filter
> :INPUT DROP [1:242]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [0:0]
> :LOG_DROP - [0:0]
> :LOG_ACCEPT - [0:0]
> :icmp_packets - [0:0]
> -A INPUT -p tcp -s 192.168.0.0/16 -m tcp --dport 5432 -j ACCEPT
> -A INPUT -j DROP

This looks okay to me: the machine should accept packets.

Gr,
Rob
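
The FORWARD question raised in the reply can be checked mechanically. The Python sketch below is an added example, not part of the original message: it reads `iptables-save` text from the firewall and reports, for each DNAT rule in `nat` PREROUTING, what the `filter` FORWARD chain does with the redirected packet. Port 15432 (standing in for `##INPORT##`) and the `FORWARD_OK` rule are constructed, and only `-p`, `-d` and a single-port `--dport` are modeled.

```python
import ipaddress
import shlex
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
MODELED = {"-p", "-d", "--dport", "-m", "-j", "--reject-with"}

def parse(dump):
    """Parse iptables-save text. Assumes one argument per option, no negation."""
    tables, cur = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif cur is not None and line.startswith(":"):
            cur["policy"].update([line[1:].split()[:2]])  # ":FORWARD DROP [0:0]"
        elif cur is not None and line.startswith("-A "):
            tok = shlex.split(line)
            cur["rules"].setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return tables

def forward_verdict(tables, proto, host, port):
    """Fate of a new packet to host:port in FORWARD; unmodeled rules are skipped."""
    flt = tables.get("filter")
    if flt is None:
        return "UNKNOWN"  # dump has no filter table, like the ruleset in the post
    for r in flt["rules"].get("FORWARD", []):
        net = ipaddress.ip_network(r.get("-d", "0.0.0.0/0"), strict=False)
        if (not set(r) - MODELED and r.get("-j") in TERMINAL
                and r.get("-p", proto) == proto and r.get("--dport", port) == port
                and ipaddress.ip_address(host) in net):
            return r["-j"]
    return flt["policy"].get("FORWARD", "ACCEPT")

def check_dnat(dump):
    """[(proto, dnat_target, verdict)] for every DNAT rule in nat PREROUTING."""
    tables, out = parse(dump), []
    for r in tables.get("nat", {}).get("rules", {}).get("PREROUTING", []):
        target = r.get("--to-destination") or r.get("--to")
        if r.get("-j") == "DNAT" and target:
            host, _, port = target.partition(":")
            verdict = forward_verdict(tables, r.get("-p"), host, port or r.get("--dport"))
            out.append((r.get("-p"), target, verdict))
    return out

# Constructed sample: the posted DNAT rules, with 15432 standing in for ##INPORT##.
NAT = ("*nat\n-A PREROUTING -p tcp --dport 15432 -j DNAT --to 192.168.2.10:5432\n"
       "-A PREROUTING -p udp --dport 15432 -j DNAT --to 192.168.2.10:5432\nCOMMIT\n")
FORWARD_OK = ("*filter\n:FORWARD DROP [0:0]\n"
              "-A FORWARD -d 192.168.2.10/32 -p tcp -m tcp --dport 5432 -j ACCEPT\nCOMMIT\n")
if __name__ == "__main__":
    print(check_dnat(NAT), check_dnat(NAT + FORWARD_OK))
```

A verdict of `UNKNOWN` means the dump contained no `filter` table at all, which is the situation with the firewall rules as posted. Rules with matches outside the modeled set are ignored, so verify against the full ruleset before relying on the result.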