--- Sietse van Zanen <sietse@xxxxxxxxx> wrote:

> >> ACCEPT all -- anywhere anywhere
> >> This converts your DROP policy to an ACCEPT, doesn't seem wise.
>
> >Remember that iptables -L hides some rule parameters such as interfaces.
> >I would not be surprised that this rule actually contains "-i eth1".
> >I strongly suggest John and anyone lists iptables rules with
> >iptables-save instead of iptables -L.
>
> Or iptables -L -n -v would do fine too, I think.
>

Hi

Thanks for the reply. In my gateway, "iptables -L -n -v" results are

**************************
[root@gateway ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 256K packets, 29M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   472 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   17   840 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
    3   180 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
    3   180 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            192.168.242.129     tcp dpt:8110

Chain OUTPUT (policy ACCEPT 2885 packets, 430K bytes)
 pkts bytes target     prot opt in     out     source               destination
*******************************

I am posting some part of the previous mail, for continuity.

I have a gateway (CentOS) with eth0 and eth1 as interfaces. "eth0" is exposed to WAN and "eth1" to the LAN network. I want all POP3 packets coming in through the gateway WAN interface (eth0) to be redirected to the PS1 (192.168.242.129 inside the LAN) port 8110.

I had done some iptables settings as

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport pop3 -j DNAT --to 192.168.242.129:8110
    iptables -A FORWARD -i eth0 -p tcp --dport 8110 -d 192.168.242.129 -j ACCEPT

In this setup POP3 packets were not redirected to PS1 (192.168.242.129)

Thanks
Joseph John
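The point raised in the quoted replies, that a rule printed by plain "iptables -L" as "ACCEPT all -- anywhere anywhere" may in fact be limited to an interface, can be checked mechanically against "iptables -L -n -v" output. The following is an added example, not part of the original thread; the function names and the verdict labels are assumptions, and the sample listing is constructed from the FORWARD chain posted above.

```python
import re

# Constructed sample: the FORWARD chain as posted in the message above.
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    8   472 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
   17   840 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
    3   180 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
    3   180 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.242.129 tcp dpt:8110
"""
ANY = "0.0.0.0/0"

def parse(listing):
    """Yield one dict per rule line of `iptables -L -n -v` output."""
    chain = None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            chain = m.group(1)
            continue
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # column header or blank line
        yield {"chain": chain, "target": f[2], "proto": f[3], "in": f[5],
               "out": f[6], "src": f[7], "dst": f[8], "extra": " ".join(f[9:])}

def audit(listing):
    """Find rules plain `iptables -L` prints as 'ACCEPT all -- anywhere anywhere'
    and say whether an interface match (hidden by -L) actually narrows them."""
    findings = []
    for r in parse(listing):
        if (r["target"], r["proto"], r["src"], r["dst"]) != ("ACCEPT", "all", ANY, ANY):
            continue
        if r["extra"]:
            continue  # state/port matches are visible even without -v
        bound = r["in"] != "*" or r["out"] != "*"
        findings.append((r["chain"], r["in"], r["out"],
                         "interface-bound" if bound else "unrestricted"))
    return findings

if __name__ == "__main__":
    for chain, i, o, verdict in audit(LISTING):
        print(f"{chain}: ACCEPT all in={i} out={o} -> {verdict}")
```

On the posted listing this reports the second FORWARD rule as interface-bound (eth1 to eth0), so it does not by itself turn the DROP policy into ACCEPT for traffic arriving on eth0.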