On February 24, 2004 10:58 pm, ip tables wrote:
> Hello,
>
> I use iptables 1.2.7a on RH 9.0. When I enable
> iptables -t nat --policy PREROUTING DROP
> it stops my connecting to the services offered @ the
> NATed DMZ. Also nmap shows the ports opened when I do
> a "connect" scan. I have no user-defined chains. Any
> idea?
>
> Thanks and regards

Hi, why do you have PREROUTING DROP? That will kill everything (but I do not believe it is valid).

--policy is normally set near the top of the script/ruleset, and is not required for PRE or POST routing, just for input, output, forward and user defined.

If I follow what you are after, try something like:

# inbound redirects to webserver on dmz
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXT_IF --dport 80 -j DNAT --to-destination $WEB_SERVER

# outbound web server connections are all masqueraded
$IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $WEB_SERVER -j MASQUERADE

Let me know if you need more details as you have not given much information about the rest of the rules or the access scenario.
--
Pete Nesbitt, rhce

--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list