Hello, I have a small network of Windows boxes behind a Linux firewall/router. I run Debian Sarge 3.1 without X there. I have a server on the LAN that serves clients from the Internet over an RMI connection on a certain port. RMI is basically a connection-oriented TCP/IP protocol. I do DNAT for such requests to that local server. All is working fine so far. Problem: those clients from the Internet need direct access to the MS SQL server over TCP/IP on a different port. I want to open and DNAT the MS SQL port dynamically: if a client already has an ESTABLISHED connection over the RMI port, I want to allow access to the MS SQL port; otherwise I'd like to drop the request. If the client got disconnected over RMI, then it is OK to reject direct requests from him to MS SQL thereafter. How can this be accomplished with iptables?
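One way to express this with iptables, as an added example that is not from the original post: the `recent` match keeps a per-source-IP timestamp that every packet of an ESTABLISHED RMI connection refreshes, and the MS SQL DNAT and FORWARD rules only match while that timestamp is fresh. The interface name, addresses, ports and the 60-second window are assumed values, not taken from the post.

```shell
#!/bin/sh
# Added example: gate the MS SQL DNAT on a live RMI connection with ipt_recent.
# All values below are assumptions, not from the original post.
WAN=eth0                 # Internet-facing interface (assumed)
RMI_SERVER=192.168.1.10  # LAN host serving RMI (assumed)
SQL_SERVER=192.168.1.11  # LAN host running MS SQL (assumed)
RMI_PORT=1099            # RMI port (assumed)
SQL_PORT=1433            # MS SQL TCP port (assumed)
WINDOW=60                # seconds of RMI silence after which SQL access expires (assumed)

# Print the rules instead of running them, so the policy can be reviewed
# (or tested) first and then applied with:  rmi_gated_rules | sh
rmi_gated_rules() {
  cat <<EOF
# Existing RMI DNAT: the first packet of each connection is rewritten to the RMI host.
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport $RMI_PORT -j DNAT --to-destination $RMI_SERVER:$RMI_PORT
# Every packet of an ESTABLISHED RMI connection refreshes the source IP's entry in
# the 'rmi' recent list. This must precede the blanket ESTABLISHED accept below.
iptables -A FORWARD -i $WAN -p tcp -d $RMI_SERVER --dport $RMI_PORT -m state --state ESTABLISHED -m recent --name rmi --set -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN -p tcp -d $RMI_SERVER --dport $RMI_PORT -m state --state NEW -j ACCEPT
# MS SQL: DNAT and forward a NEW connection only if the source IP was seen on
# RMI within the last WINDOW seconds; everything else toward the SQL host is dropped.
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport $SQL_PORT -m recent --name rmi --rcheck --seconds $WINDOW -j DNAT --to-destination $SQL_SERVER:$SQL_PORT
iptables -A FORWARD -i $WAN -p tcp -d $SQL_SERVER --dport $SQL_PORT -m state --state NEW -m recent --name rmi --rcheck --seconds $WINDOW -j ACCEPT
iptables -A FORWARD -i $WAN -p tcp -d $SQL_SERVER --dport $SQL_PORT -j DROP
EOF
}

# Apply only when explicitly requested (needs root and the ipt_recent module).
if [ "${1:-}" = "--apply" ]; then
  rmi_gated_rules | sh
fi
```

The gate is keyed on source IP, so clients sharing one public address are admitted together, and access lapses only after WINDOW seconds of RMI silence rather than at the instant the RMI connection closes.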