Hi,

I have a slight problem and cannot find any answers myself or on the Internet.

I run iptables on a Debian-based router/firewall. I do not use NAT or private IP addresses. vlan2 and vlan3 are external connections to ISPs; vlan101 and vlan82 are internal interfaces.

The problem is that if I put

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

or just

    iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT

it is possible to access my internal web server (and not only the web server) from outside, even though I did not open port 80 in the FORWARD chain and the policy for FORWARD is DROP. As soon as I remove those lines I cannot connect to the Internet from behind the firewall.

I've been fighting with that problem for two weeks now. I rewrote my script several times and brought it down to the bare basics, but nothing has fixed the problem.

kernel 2.6.18-4-686
iptables v1.3.6

Please, any hints or tips would be really appreciated.

Best regards,
Anton.