OK, so may you please help me understanding WHY my IP 192.168.0.200 (an AS/400) doesn't receive connections anymore when I set up my new firewall???

Here's the main FW code: I got eth0 connected to my LAN (192.168.0.0) and eth1 connected to my Internet Access Router. My remote offices can't connect to my AS/400, although they connect through another router, which then sends packets to my eth0.

Please help me! Thanx!

# Default policies
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
#################
# Firewall core #
#################
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Some services on my proxy/firewall machine
for PRX in $SERV_PRX
do
    $IPT -A INPUT -p tcp -m state --state NEW --dport $PRX -i eth0 -j ACCEPT
    $IPT -A INPUT -p udp -m state --state NEW --dport $PRX -i eth0 -j ACCEPT
done
$IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Internet traffic forwarding
for EXT in $SERV_EXT
do
    $IPT -A FORWARD -p tcp -m state --state NEW --dport $EXT -o eth1 -j ACCEPT
    $IPT -A FORWARD -p udp -m state --state NEW --dport $EXT -o eth1 -j ACCEPT
done
# 0_197IN access (my intranet webserver)
for INT in $SERV_INT
do
    $IPT -A FORWARD -p tcp -m state --state NEW --dport $INT -d 192.168.0.197 -i eth0 -j ACCEPT
    $IPT -A FORWARD -p udp -m state --state NEW --dport $INT -d 192.168.0.197 -i eth0 -j ACCEPT
done
# AS/400 access
$IPT -A FORWARD -m state --state NEW -d 192.168.0.200 -i eth0 -j ACCEPT
-----Original Message-----
From: Sneppe Filip [mailto:[EMAIL PROTECTED]]
Sent: Friday, 22 February 2002 11.09
To: Boniforti Flavio; [EMAIL PROTECTED]
Subject: RE: INPUT vs. FORWARD?
Hi,
>Is it correct that if a packet reaches my firewall and it
>is destined to another machine in the same network as my
>firewall's eth0, the packet traverses first the INPUT
>chain and then the FORWARD chain?
No, just FORWARD.
Regards,
Filip
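The chain selection discussed in this thread, as an added example that is not part of either poster's message or script: a simplified Python model of the filter table that picks INPUT or FORWARD from the packet's destination and then applies the posted rules that do not depend on the unknown $SERV_* variables. The firewall address 192.168.0.1 and the sample packets are assumptions constructed for the illustration.

```python
# Simplified model of the netfilter filter table (added example, not the poster's script).
from dataclasses import dataclass

# Assumption: the firewall's own eth0 address is not given in the thread.
FIREWALL_ADDRS = {"192.168.0.1"}

@dataclass
class Packet:
    dst: str      # destination IP
    in_if: str    # interface the packet arrived on
    state: str    # conntrack state: "NEW", "ESTABLISHED" or "RELATED"

# Each rule: (matching states, destination or None, input interface or None, target).
RULES = {
    "INPUT": [({"RELATED", "ESTABLISHED"}, None, None, "ACCEPT")],
    "FORWARD": [
        ({"RELATED", "ESTABLISHED"}, None, None, "ACCEPT"),
        ({"NEW"}, "192.168.0.200", "eth0", "ACCEPT"),  # AS/400 access rule
    ],
}
POLICY = {"INPUT": "DROP", "FORWARD": "DROP"}  # default policies from the script

def chain_for(pkt):
    """Routing decision: local destination -> INPUT, anything else -> FORWARD."""
    return "INPUT" if pkt.dst in FIREWALL_ADDRS else "FORWARD"

def verdict(pkt):
    """Return (chain, target) for a packet arriving at the firewall."""
    chain = chain_for(pkt)
    for states, dst, in_if, target in RULES[chain]:
        if pkt.state not in states:
            continue
        if dst is not None and pkt.dst != dst:
            continue
        if in_if is not None and pkt.in_if != in_if:
            continue
        return chain, target          # first matching rule wins
    return chain, POLICY[chain]       # no rule matched: chain policy applies

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("192.168.0.200", "eth0", "NEW"),
        Packet("192.168.0.200", "eth1", "NEW"),
        Packet("192.168.0.1", "eth0", "NEW"),
    ]
    for p in samples:
        print(p, "->", verdict(p))
```

The model covers only packets that are actually routed through the firewall; a packet delivered directly between two hosts on the same LAN never reaches either chain.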
