(Sending for the second time because the message got blocked the first time.)

Hum well, I'm doing the ACCEPT to the ports I want to be reachable to the outside world, and in the end I add a DROP so that the rest of the ports become unreachable; well, it was working.
In fact I didn't spend much time when I built these rules, and they are about 5 years old. I'm just checking this because of this new situation.

Going to try the FORWARD and report success or not.

Thanks,
Jorge

PS: Already tested and it works perfectly. I guess this is the place where I should have put the rules to do nat filtering from the beginning, correct?

> Jorge Bastos wrote:
>>
>> I use this to allow the users that are using my linux machine, acting
>> as a router, to connect to the outside world only to the ports I want,
>> and block some stuff.
>> How to do this from now on?
>>
>
> now you'll have to do it in the place you should have done that:
>
>     iptables -t filter -A FORWARD ......
>
> or simply
>
>     iptables -A FORWARD
>
> if not specified, -t filter is used.
>
> your rules are strange .... usually the default action for NAT tables
> is ACCEPT. Of course that can be changed, but that would require that
> you really understand what you're doing. Your default policy is probably
> ACCEPT and, in that case, ACCEPT rules aren't necessary at all.
>
> --
>
> Sincerely,
> Leonardo Rodrigues
> Solutti Tecnologia
> http://www.solutti.com.br
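
An added example, not part of either message: a shell script that lays out the rules the way the reply describes, with the port allow-list and the final DROP in the filter table's FORWARD chain and the nat table left to address translation only. The interface names (eth1 for the LAN, eth0 for the WAN), the port lists and the MASQUERADE rule are assumptions; the script prints the commands for review and applies nothing.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; nothing is applied.
# Assumptions (not from the thread): LAN on eth1, WAN on eth0,
# TCP ports 80 and 443 and UDP port 53 allowed out.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

# forward_rules TCP_PORTS UDP_PORTS   (comma-separated port lists)
# ACCEPT for the listed ports, then DROP for the rest, all in filter/FORWARD.
forward_rules() {
    tcp_ports="$1"
    udp_ports="$2"

    # Accept only digits and single commas, so a stray word or shell
    # metacharacter can never end up inside a generated command.
    for list in "$tcp_ports" "$udp_ports"; do
        case "$list" in
            ''|*[!0-9,]*|,*|*,|*,,*)
                echo "invalid port list: '$list'" >&2
                return 1 ;;
        esac
    done

    # Replies belonging to connections that were already allowed out.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New connections from the LAN, only to the allowed ports.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m multiport --dports $tcp_ports -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p udp -m multiport --dports $udp_ports -j ACCEPT"
    # Everything else routed through this machine is dropped.
    echo "iptables -A FORWARD -j DROP"
}

# nat_rules: the nat table only translates addresses and carries
# no ACCEPT/DROP filtering (MASQUERADE is an assumed setup).
nat_rules() {
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# all_rules TCP_PORTS UDP_PORTS: the complete ruleset, filter first.
all_rules() {
    forward_rules "$1" "$2" && nat_rules
}

all_rules "80,443" "53"
```

Rule order matters in FORWARD: the DROP has to stay last, because iptables stops at the first matching rule.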