On Wed June 24 2009 wrote Jorge Bastos:
> > On Wed June 24 2009 wrote Rob Sterenborg:
> >> $ipt -P FORWARD DROP
> >> $ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> >> $ipt -A FORWARD -m state --state NEW -p tcp --dport 22 -j ACCEPT
> >
> > Watch out, that with these rules, you will allow any traffic to pass,
> > that has destination port 22. Thus, the outside can contact you to
> > port 22. And the inside can contact any host on the Internet on port 22.
>
> No good then, I just want to allow traffic for ports defined by me, for
> the NAT'd machines.
>
> Can you guys help on this? Sorry but I really have no idea, with the
> PREROUTING it was easy for me.

You can add -i and -o to specify the incoming and outgoing interface to
distinguish from the Internet and the LAN-side.

--
Christoph Paasch

www.rollerbulls.be
--
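The -i/-o suggestion applied to the quoted FORWARD rules, as an added example that is not part of the original thread. The interface names `eth0` (Internet) and `eth1` (LAN) and the function name `forward_rules` are assumptions; by default the commands are printed for review rather than loaded.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are assumptions:
# adjust them to the router in question.
WAN_IF="${WAN_IF:-eth0}"   # Internet side
LAN_IF="${LAN_IF:-eth1}"   # side with the NAT'd machines
# Dry run by default: rules are printed. Set ipt=iptables (as root) to load them.
ipt="${ipt:-echo iptables}"

# forward_rules PORT...
# Accept NEW TCP connections only when they enter on the LAN interface and
# leave on the Internet interface, and only to the listed destination ports.
# Nothing matches NEW traffic arriving on the Internet side, so the
# FORWARD policy (DROP) handles it.
forward_rules() {
    # Validate every port first so a bad argument never leaves a
    # half-built rule set behind.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    $ipt -P FORWARD DROP
    # Replies to connections that were allowed out, in either direction.
    $ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    for port in "$@"; do
        $ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m state --state NEW \
             -p tcp --dport "$port" -j ACCEPT
    done
}

# Example: forward_rules 22 80 443
```

Existing FORWARD rules, such as the interface-less port 22 rule quoted above, have to be removed first, otherwise they keep matching traffic from the Internet side.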