yet/last problem with masquerading


 



Hi all
  I apologize for this newbie question.

  I've been reading the perfect little YoLinux's tutorial on the 
http://www.iptables.org site, whose title is: "Set up an gateway for home 
or office".

  So far, I have only one question.

  I presume my script should contain these few instructions:

  --- Beginning of the script
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  iptables -A FORWARD -i eth1 -j ACCEPT

  echo 1 > /proc/sys/net/ipv4/ip_forward
  route add -net 192.168.1.0 netmask 255.255.255.0  \
                             gw ${IPADDR} dev eth1 
  --- End of the script

  This is all I need to set up an access from any address within the range:
  192.168.1.1 - 192.168.1.255 ( internal computers connected to the switch 
), through the eth1 internal interface, and the eth0 external interface, 
whose address is ${IPADDR}.

  My question is:

  What happens, after an existing TCP connection has been established from 
the lan to an outside server, when a need for a new connection from the 
outside by the same server to a specified port ( for example auth 113 ), 
on this same internal address, occurs ?

  The problem is: I have only one external address, ${IPADDR}, and what 
makes the incoming packet to be directed onto the right address inside the 
lan ? That is, the internal address from which the initial TCP connection 
was coming from ?

  It might be, this kind of request for connection, could happen 
simultaneously several times at a time, for different internal 
addresses.

  This kind of request for authentication, does occur within many 
protocols. Does this way of processing masquerading the lan connections, 
work in this case ?

  Many thanks for your response.

  Jean Francois Ortolo
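
Added example, not part of the original post: a small Python model of the connection-tracking table that MASQUERADE depends on, showing that replies are matched back to the right internal host while a new inbound connection to port 113 matches no entry and stays on the gateway. The addresses, ports and the `Masquerader` class are constructed for illustration; this is a simplification, not the kernel's code.

```python
# Added illustration: a toy model of the connection-tracking table that
# MASQUERADE relies on. All addresses and ports below are constructed.
GATEWAY_IP = "203.0.113.10"      # stands in for ${IPADDR}
SERVER_IP = "198.51.100.5"       # outside server


class Masquerader:
    def __init__(self, ext_ip):
        self.ext_ip = ext_ip
        self.spare_port = 40000  # used when the original source port is taken
        # (remote_ip, remote_port, ext_port) -> (lan_ip, lan_port)
        self.table = {}

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a TCP connection through eth0: the source is
        rewritten to the gateway address and the mapping is remembered."""
        ext_port = lan_port
        while (remote_ip, remote_port, ext_port) in self.table:
            ext_port = self.spare_port
            self.spare_port += 1
        self.table[(remote_ip, remote_port, ext_port)] = (lan_ip, lan_port)
        return (self.ext_ip, ext_port)

    def inbound(self, remote_ip, remote_port, dst_port):
        """Packet arrives on eth0 for ext_ip:dst_port. Only a packet that
        matches a remembered connection is rewritten back to a LAN host."""
        entry = self.table.get((remote_ip, remote_port, dst_port))
        if entry is not None:
            return ("forward",) + entry
        return ("local", self.ext_ip, dst_port)  # handled by the gateway itself


def demo():
    nat = Masquerader(GATEWAY_IP)
    # Two LAN hosts use the same source port towards the same server.
    a = nat.outbound("192.168.1.10", 5000, SERVER_IP, 25)
    b = nat.outbound("192.168.1.11", 5000, SERVER_IP, 25)
    return {
        "a": a, "b": b,
        "reply_a": nat.inbound(SERVER_IP, 25, a[1]),
        "reply_b": nat.inbound(SERVER_IP, 25, b[1]),
        # New connection from the server to the auth port (113): no entry.
        "ident": nat.inbound(SERVER_IP, 51000, 113),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Sending such a new inbound connection on to an internal host takes an explicit DNAT rule in the nat table's PREROUTING chain; the MASQUERADE rule alone only covers connections that started from the lan.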






