A couple of questions before I try to push out my new firewall.
Creating a PREROUTING rule on a DROP-all policy like so:
$IPT -t nat -A PREROUTING -i $EXTIF -d $HOST_EXTIP -p tcp --dport 22 \
-j DNAT --to-destination $HOST_INTIP:22
This allows the packets to pass through my external NIC, so I would
only need a forward rule like so to complete the request?
$IPT -A FORWARD -o $INTIF -d $HOST_INTIP -p tcp --dport 22 -j ACCEPT
From what I read the routing decision happens after PREROUTING, but I
am not sure if the request has traversed past my external interface
at this time.
Not sure if I need to specify both interfaces, or if in my case it would
be the same if I specified none.
My question related to ULOG: is ULOG the only way to get iptables
logging out of my dmesg? Every time I type dmesg I find it
overloaded with iptables logging.
Thanks.
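The two questions above (what the FORWARD rule has to match after DNAT, and how to keep packet logging out of dmesg) can be answered with a complete rule set. The script below is an added example, not the poster's own firewall; it reuses the variable names from the post, the addresses are constructed placeholders, and it assumes a kernel with conntrack and the NFLOG target (NFLOG replaced ULOG, which was removed in Linux 3.17). DNAT in nat/PREROUTING runs before the routing decision, so by the time the packet reaches filter/FORWARD its destination is already $HOST_INTIP; the incoming interface is still $EXTIF and may be matched, and the rule needs an explicit -j ACCEPT or the DROP policy applies. The LOG target always writes to the kernel ring buffer, so the only way to keep it out of dmesg is not to use LOG: NFLOG hands the packet to a userspace listener (for example ulogd) over a netlink group instead. With DRY_RUN=1 (the default) the script only prints the rules, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example, not code from the original post. Variable names follow the
# post; the addresses are constructed placeholders (RFC 5737 / RFC 1918).
IPT=${IPT:-iptables}
EXTIF=${EXTIF:-eth0}
INTIF=${INTIF:-eth1}
HOST_EXTIP=${HOST_EXTIP:-203.0.113.10}
HOST_INTIP=${HOST_INTIP:-192.168.1.10}

# DRY_RUN=1 (default) prints each rule instead of applying it, so the logic
# can be inspected without root; run with DRY_RUN=0 as root to apply.
DRY_RUN=${DRY_RUN:-1}
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Default-deny policies: anything not explicitly accepted is dropped.
base_policy() {
    run $IPT -P INPUT DROP
    run $IPT -P FORWARD DROP
    run $IPT -P OUTPUT ACCEPT
    # Replies for already-accepted connections pass without re-matching
    # every rule; conntrack tracks the state (including DNAT'd flows).
    run $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# DNAT happens in nat/PREROUTING, before the routing decision. The rewritten
# packet (now addressed to $HOST_INTIP) is then routed and must still be
# accepted in filter/FORWARD, so the FORWARD rule matches the *internal*
# address, may still match -i $EXTIF, and needs an explicit -j ACCEPT.
port_forward() {
    port=$1
    run $IPT -t nat -A PREROUTING -i "$EXTIF" -d "$HOST_EXTIP" -p tcp --dport "$port" \
        -j DNAT --to-destination "$HOST_INTIP:$port"
    run $IPT -A FORWARD -i "$EXTIF" -o "$INTIF" -d "$HOST_INTIP" -p tcp --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# NFLOG sends matched packets to userspace (e.g. ulogd) on netlink group
# $group instead of the kernel ring buffer, so dmesg stays clean. These rules
# are appended last, so they see only traffic that falls through to the DROP
# policy; the limit match keeps a flood from swamping the listener.
log_dropped() {
    group=${1:-1}
    run $IPT -A FORWARD -m limit --limit 5/min -j NFLOG --nflog-group "$group" --nflog-prefix "FWD-DROP"
    run $IPT -A INPUT   -m limit --limit 5/min -j NFLOG --nflog-group "$group" --nflog-prefix "IN-DROP"
}

main() {
    base_policy
    port_forward 22
    log_dropped 1
}
main
```

Without a listener bound to the NFLOG group nothing is recorded, so pair the rules with ulogd (or another nfnetlink_log consumer) writing to its own file. If LOG must stay in use, the kernel messages still land in the ring buffer; a syslog daemon can route them to a separate file by prefix, but dmesg will keep showing them.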