On Thu, 2011-04-28 at 16:43 -0500, Mike Hendrie wrote:
> All users can get to Google and do searches just fine. I am having
> funny issues with a couple of applications.
>
> I do not understand why I am having the below issues. Could this be
> because of the iptables?

Probably, although I would say more accurately because of UFW. It's
quite difficult to diagnose problems with automatically generated
iptables rules. I would say you are better off disabling UFW, and
starting with just the rules you need to get everything working:

# Flush all tables
iptables -t nat -F
iptables -t mangle -F
iptables -t filter -F

# Set the default policy to ACCEPT
# (PREROUTING and POSTROUTING are not in the filter table, so name the nat table):
iptables -t nat -P PREROUTING ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Enable packet forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward

# Set up NAT ($ext_IF must hold the name of the external interface):
iptables -t nat -A POSTROUTING -o $ext_IF -j MASQUERADE

Once that works, you can then start blocking ports.

> - There is a FileMaker application that uses ports 5000 - 5005 to
> connect to an external server that cannot find the external server.
> "StatefulNAT translation."

Looking at the following website, you'll need to allow more than just
those ports:

http://sixfriedrice.com/wp/filemaker-firewall/

But, as above, get the firewall working with all ports open, and then
start closing them.

> - There is a yearbook website that uploads photos to an external
> server that does not allow the upload via the webpage. However, I can
> upload the photos if I install the application local to the
> workstation, the vendor had a local installation of the photo upload
> available.

Ditto.

> iptables command used: iptables -t nat -A PREROUTING -i eth1 -p tcp
> --dport 80 -j REDIRECT --to-port 8080

Is this for the proxy? You don't need that rule if you have manually
set the proxy server for each client. That rule *forces* the proxy to
be used.

Andy
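
Added example, not part of the original message: the reply's "get it working with everything open, then start closing ports" procedure, written as a generator for iptables-restore input so each step can be reviewed and syntax-checked before loading. It goes one step past the reply by showing the tightened FORWARD chain. The interface names (eth0 external, eth1 internal) and the port list are assumptions; FileMaker's full port list is on the page linked above and is not reproduced here.

```shell
#!/bin/sh
# Added example, not from the original thread. Interface names and the
# port list are assumptions; substitute your own.
#
# gen_ruleset EXT_IF INT_IF "PROTO/PORT ..."
#   Prints iptables-restore input. An empty list gives the fully open
#   baseline from the reply; a non-empty list gives the tightened version.
gen_ruleset() {
    ext_if=$1 int_if=$2 specs=$3

    # Reject malformed entries before emitting anything.
    for s in $specs; do
        case $s in
            tcp/[0-9]*|udp/[0-9]*) ;;
            *) echo "bad port spec: $s (want tcp/N or udp/N:M)" >&2; return 1 ;;
        esac
    done

    # nat table: masquerade whatever leaves through the external interface.
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' "-A POSTROUTING -o $ext_if -j MASQUERADE" COMMIT

    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    if [ -z "$specs" ]; then
        # Step 1: forward everything and confirm the applications work.
        printf '%s\n' ':FORWARD ACCEPT [0:0]'
    else
        # Step 2: drop by default, allow replies, then new flows per spec.
        printf '%s\n' ':FORWARD DROP [0:0]' \
            '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
        for s in $specs; do
            printf '%s\n' "-A FORWARD -i $int_if -o $ext_if -p ${s%%/*} --dport ${s#*/} -m conntrack --ctstate NEW -j ACCEPT"
        done
        # Log what falls through so a missing port shows up in the kernel log.
        printf '%s\n' '-A FORWARD -m limit --limit 10/min -j LOG --log-prefix "fwd-drop: "'
    fi
    printf '%s\n' COMMIT
}

# Review, syntax-check, then load (as root):
#   gen_ruleset eth0 eth1 "udp/53 tcp/80 tcp/443 tcp/5000:5005" > rules.v4
#   iptables-restore --test < rules.v4 && iptables-restore < rules.v4
```

When an application breaks after tightening, the "fwd-drop: " lines in the kernel log show which protocol and port still need an entry in the list.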