Dear all,

I have two short questions, please:

1) Machine A from the Internet accesses machine B (web server) from my DMZ behind my linux/iptables. Is it necessary to build a NAT rule from A to B and from B to A, or is just A to B enough?

2) I want my LAN users to access all FTP servers from the Internet, and I have loaded the ip_conntrack_ftp module. Are these rules enough, or do I have to specify something else (taking into account FTP active and passive modes)?

$IPTABLES -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -p tcp -m tcp -s 192.168.0.0 --dport 21 -m state --state NEW -j ACCEPT

Thanking you in advance!

Alejandro