> You need to allow the return traffic also. This can be done with
> connection tracking and the state match.
>
> /Oskar
>

Forgive me, but I'm a bit confused in a gray area right now. With the PREROUTING it wasn't needed to add that and it worked. For this new scenario, I tried:

#allow all (??)
iptables -t filter -A FORWARD -j ALLOW
#allow TCP PORT 22
iptables -t filter -A FORWARD -p tcp --dport 22 -j ACCEPT # ssh
#block everything else
iptables -t filter -A FORWARD -j DROP

And it allows everything!

I must say that I'm not a big expert with iptables; if you can shed a little more light on this, I'll thank you.

Jorge,
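
Added example, not part of the original messages: a small shell model of first-match rule evaluation in the FORWARD chain. It compares the rule order from the question (its first target written as ACCEPT, which is an assumption), the same rules without the catch-all accept, and an order that uses the state match named in the reply. The function names, the `verdict` helper and the sample packets are constructed for illustration.

```shell
# Added example, not from the thread: the rule sets are printed as text, never applied.
# Order from the question (first target written as ACCEPT: an assumption).
rules_as_posted() {
    echo "iptables -t filter -A FORWARD -j ACCEPT"
    echo "iptables -t filter -A FORWARD -p tcp --dport 22 -j ACCEPT"
    echo "iptables -t filter -A FORWARD -j DROP"
}

# Same rules without the catch-all accept, still no state match.
rules_port_only() {
    echo "iptables -t filter -A FORWARD -p tcp --dport 22 -j ACCEPT"
    echo "iptables -t filter -A FORWARD -j DROP"
}

# State match first for return traffic, then new SSH, then drop.
rules_stateful() {
    echo "iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t filter -A FORWARD -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    echo "iptables -t filter -A FORWARD -j DROP"
}

# Toy first-match walk (a reading aid, not netfilter): verdict RULES PROTO DPORT STATE
verdict() {
    rules=$1 proto=$2 dport=$3 state=$4
    while read -r line; do
        set -- $line                      # split the rule into words
        match=1 target=
        while [ $# -gt 0 ]; do
            case $1 in
                -p)      [ "$2" = "$proto" ] || match=0; shift ;;
                --dport) [ "$2" = "$dport" ] || match=0; shift ;;
                --state) case ",$2," in *",$state,"*) ;; *) match=0 ;; esac; shift ;;
                -j)      target=$2; shift ;;
            esac
            shift
        done
        if [ "$match" = 1 ] && [ -n "$target" ]; then echo "$target"; return 0; fi
    done <<EOF
$rules
EOF
    echo POLICY                           # nothing matched: chain policy decides
}

# Constructed packets: new SSH, SSH reply (source port 22), new HTTP.
for pkt in "tcp 22 NEW" "tcp 40000 ESTABLISHED" "tcp 80 NEW"; do
    echo "$pkt: posted=$(verdict "$(rules_as_posted)" $pkt)" \
        "port_only=$(verdict "$(rules_port_only)" $pkt)" \
        "stateful=$(verdict "$(rules_stateful)" $pkt)"
done
```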