Thanks for your fast responses. First of all i checked all the next rules: iptables -A tcp_packets -p TCP -s 0/0 --dport 139 -j ACCEPT iptables -A udpincoming_packets -p UDP -s 0/0 --source-port 139 -j ACCEPT iptables -t nat -A PREROUTING -p tcp -d 83.132.157.x --dport 139 -j DNAT --to 192.168.0.200:139 //filtered <- iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 139 -j DNAT --to 192.168.0.200:139 //filtered <- iptables -t nat -A PREROUTING -p tcp -i eth0 -d 83.132.157.x --dport 139 -j DNAT --to 192.168.0.200:139 iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.200 --dport 139 -j ACCEPT //closed <- host down iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 139 -j DNAT --to 192.168.0.200:139 iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.200 --dport 139 -j ACCEPT //filtered <- iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 139 -j DNAT --to 192.168.0.200:139 iptables -A FORWARD -p tcp -i eth0 -d 83.132.157.x --dport 139 -j ACCEPT //filtered <- host down iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 139 -j DNAT --to 192.168.0.200:139 iptables -A FORWARD -p tcp -i eth0 --dport 139 -j ACCEPT //filtered With my friend's help. And none of them directed the output. There is no problem to forward the port 139, because it will be forwarded to a honeypot machine =) (running on virtualbox). When started to test with the ipmasq the host stopped to listen on other ports (ssh for lan for example),but connection sharing still works. And my friend couldnt connect to the host. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
