> Not right that "both" have the default gw to 192.168.1.1. Only the
> clients on 192.168.1.0/24 have to. The router (the server where you are
> writing the iptables rules) needs another gw!

Yes, I have your mentioned setup here: clients have 192.168.1.1 as gateway and 192.168.1.1 has the PPP partner as its gateway.

> Try
> IP -F -t nat
> IP -F FORWARD
> IP -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> IP -A FORWARD -i eth1 -m state --state NEW -j LOG --log-prefix "NEW FW"
> IP -A FORWARD -i eth1 -j ACCEPT
> IP -A POSTROUTING -o eth0 -m state --state NEW -j LOG --log-prefix "NEW POR"
> IP -A POSTROUTING -o eth0 -j MASQUERADE

I suppose I should not replace my _whole_ ruleset but a small part? Else these rules will be a little less secure. And currently my firewall got attacked on port 110 which is (sadly!) reachable on all NICs. So where should I add/replace your rules?

> For this into the above iptables.list there are no rules!
> IP -A PREROUTING -i eth0 -p tcp --dport 30017 -j DNAT --to-destination
> 192.168.1.17
>
> and add the forward one

I have a similar one already and as I said, it worked before like a charm. :) So the "bug" must be someone else.

Okay, I put all in /etc/Bastille in a ZIP and try it from a fresh installation. Then I put my custom firewall.d back in place step-by-step. If that is still failing I try yours but shut down a lot of processes on my box. I hate that my box got hacked by some script-kiddie or spammer .... :(

I will add "netstat -lnp" soon!

> I don't know about this....

Okay, never mind. :)

> Michele

Roland