Roland Häder wrote:
I suppose I should not replace my _whole_ ruleset but a small part?
Else these rules will be a little less secure.
Those replace only the forward one and add some debug. Of course, at the
end of tests, you'll modify and replace your rules with mine :)
And currently my firewall got attacked on port 110 which is (sadly!)
reachable on all NICs.
IP -I INPUT -m state --state NEW -p tcp --dport 110 -j ACCEPT
So where should I add/replace your rules?
For test, into a "running" env, so after yours.
For this into the above iptables.list there are no rules!
IP -A PREROUTING -i eth0 -p tcp --dport 30017 -j DNAT --to-destination 192.168.1.17
and add the forward one
I have a similar one already and as I said, it worked before like a
charm. :)
Strange. Start with a "rule clean" and recreate only the ones that do the
work you want. Make them work and after, and only after, start to debug.
Bye