I'm having difficulty with clients connecting to a game I'm hosting over the internet. So I'm wondering if my PREROUTING rule is conflicting with my FORWARD rule.

If I have these prerouting rules:

$IPTABLES -t nat -A PREROUTING -p tcp --dport 34297 -i ppp0 -j DNAT --to-destination 192.168.170.6
$IPTABLES -t nat -A PREROUTING -p udp --dport 34297 -i ppp0 -j DNAT --to-destination 192.168.170.6
$IPTABLES -t nat -A PREROUTING -p tcp --dport 34397 -i ppp0 -j DNAT --to-destination 192.168.170.6
$IPTABLES -t nat -A PREROUTING -p udp --dport 34397 -i ppp0 -j DNAT --to-destination 192.168.170.6
$IPTABLES -t nat -A PREROUTING -p tcp --dport 34447 -i ppp0 -j DNAT --to-destination 192.168.170.6
$IPTABLES -t nat -A PREROUTING -p udp --dport 34447 -i ppp0 -j DNAT --to-destination 192.168.170.6

Then I should not have to worry about these FORWARD rules interfering with the prerouted data getting to the server at 192.168.170.6 ---

$IPTABLES -t filter -A FORWARD -i ppp0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t filter -A FORWARD -i ppp0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT

Am I right or wrong? If wrong, is the only way then to change the FORWARD rule to -j ACCEPT and leave out the ESTABLISHED,RELATED requirement?

Thanks for your time and assistance.

Mike

On 10/19/06, tarak@xxxxxxxxxxxx <tarak@xxxxxxxxxxxx> wrote:
Hello experts,

I have a problem with iptables. I want to customize the firewall. Through iptables I want to run a shell script which will keep a watch on each and every IP address in my organization, and on how much data is being downloaded and uploaded from those IP addresses, separately. Is this possible to do? If so, please tell me how to do it.

Thanks in advance.

Regards,
Tarak Ranjan
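
An added illustration for the PREROUTING/FORWARD question at the top of this message, not part of the thread and not code from either poster: a simplified Python model of the netfilter path, in which a DNATed packet still traverses filter/FORWARD and the first packet of a flow is in state NEW. It assumes a FORWARD policy of DROP, that 192.168.170.6 is reached via eth1, and constructed client and public addresses.

```python
# Added example: simplified model of how netfilter handles a port-forwarded flow.
# Assumptions (not from the post): FORWARD policy is DROP, the game server is
# reached via eth1, and the client/public addresses are constructed samples.
DNAT_PORTS = {34297, 34397, 34447}          # ports in the posted PREROUTING rules
SERVER = "192.168.170.6"

def prerouting_dnat(pkt):
    """nat/PREROUTING: rewrite the destination before the routing decision."""
    if pkt["in"] == "ppp0" and pkt["proto"] in ("tcp", "udp") and pkt["dport"] in DNAT_PORTS:
        pkt = dict(pkt, dst=SERVER, out="eth1")   # assumed route to the server
    return pkt

def forward(pkt, state, rules):
    """filter/FORWARD: first matching rule accepts, otherwise policy DROP."""
    for r in rules:
        if (r["in"], r["out"]) != (pkt["in"], pkt["out"]) or state not in r["states"]:
            continue
        if "dst" in r and (r["dst"] != pkt["dst"] or pkt["dport"] not in r["dports"]):
            continue
        return "ACCEPT"
    return "DROP"

def simulate(rules, packets=3):
    """Send several packets of one inbound flow; return (state, verdict) for each."""
    tracked, results = set(), []
    for _ in range(packets):
        pkt = prerouting_dnat({"proto": "tcp", "src": "203.0.113.9", "dst": "198.51.100.1",
                               "dport": 34297, "in": "ppp0", "out": None})
        key = (pkt["proto"], pkt["src"], pkt["dst"], pkt["dport"])
        state = "ESTABLISHED" if key in tracked else "NEW"
        verdict = forward(pkt, state, rules)
        if verdict == "ACCEPT":
            tracked.add(key)    # simplification: the server is assumed to reply
        results.append((state, verdict))
    return results

# The two FORWARD rules as posted: only ESTABLISHED,RELATED is accepted.
POSTED = [{"in": "ppp0", "out": "eth1", "states": {"ESTABLISHED", "RELATED"}},
          {"in": "ppp0", "out": "eth2", "states": {"ESTABLISHED", "RELATED"}}]
# Scoped addition, equivalent in spirit to:
#   $IPTABLES -A FORWARD -i ppp0 -o eth1 -p tcp -d 192.168.170.6 --dport 34297 \
#             -m state --state NEW -j ACCEPT   (repeated per port and protocol)
SCOPED = POSTED + [{"in": "ppp0", "out": "eth1", "states": {"NEW"},
                    "dst": SERVER, "dports": DNAT_PORTS}]

if __name__ == "__main__":
    print("posted rules:", simulate(POSTED))
    print("scoped NEW rule:", simulate(SCOPED))
```

Under these assumptions the posted rules drop every packet of the flow because it never leaves state NEW, while a NEW rule limited to the DNAT target and its ports lets the first packet through and the existing ESTABLISHED,RELATED rule carries the rest.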