> My LAN n/w is 192.168.1.0/24 (eth0 192.168.1.24) and
> the internet iface has ip address 172.16.1.111, which is connected to the router.
> A Windows m/c which is behind the firewall has ip address 192.168.1.135, and a Windows m/c
> outside the firewall has ip address 172.16.1.100. I've set
> the below rules in the firewall m/c.
>
> /sbin/iptables -A FORWARD -o eth0 -p all -s 192.168.1.135/255.255.255.255 -j ACCEPT
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -p all -d 0/0 -j SNAT --to 172.16.1.111
>
> I'm getting an error in MSN Messenger from the m/c outside the firewall as
If you play it safe and DROP all packets you will need the following rules:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

Firstly you need to set up masquerading on the internal LAN:

iptables -t nat -A POSTROUTING -o $OUT_IF -j SNAT --to-source $OUT_IP

You will need to allow specific packets on the INPUT / OUTPUT and FORWARD chains:

iptables -A OUTPUT -p ALL -s $LAN -j ACCEPT
iptables -A OUTPUT -p ALL -s $LO -j ACCEPT
iptables -A OUTPUT -p ALL -s $EX_IP -j ACCEPT
iptables -A FORWARD -i $IN_IF -j ACCEPT
iptables -A INPUT -p ALL -i lo -j ACCEPT
iptables -A INPUT -p ALL -i $IN_IF -j ACCEPT
iptables -A INPUT -p ALL -i $EX_IF -m state --state ESTABLISHED,RELATED -j ACCEPT

This should get you a usable packet filter. I use a similar setup here with great success with IM.

Regards
James
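The reply's outline carried through as one complete script for the topology in the question, added here as an example; it is not code from either message in the thread. It uses the addresses the question gives (LAN 192.168.1.0/24 on eth0, public address 172.16.1.111), but the name of the internet-facing interface is not stated anywhere in the thread, so eth1 is an assumption. Two details worth checking against your own rules: the SNAT rule matches on the external interface, because that is where the packets being rewritten leave the box, and the FORWARD chain gets an ESTABLISHED,RELATED rule for packets arriving on the external interface, since with a DROP policy the replies to LAN connections are otherwise discarded before they reach the LAN host. With DRY_RUN=1 (the default) the script only prints the iptables commands it would run, so it can be reviewed anywhere; run it as root with DRY_RUN=0 FW_RUN=1 to apply.

```shell
#!/bin/sh
# Added example (not from the thread): default-DROP NAT firewall for
# LAN 192.168.1.0/24 on eth0 with public address 172.16.1.111.
# The external interface name eth1 is an assumption; the question does not name it.
# DRY_RUN=1 (default) prints the rules instead of executing them.

DRY_RUN=${DRY_RUN:-1}
IN_IF=${IN_IF:-eth0}          # LAN side
EX_IF=${EX_IF:-eth1}          # internet side (assumed interface name)
EX_IP=${EX_IP:-172.16.1.111}  # public address used as the SNAT source
LAN=${LAN:-192.168.1.0/24}

# Every rule goes through this wrapper so a dry run shows exactly what
# would be executed on the firewall.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # Start clean, then default-deny every chain.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP

    # Source NAT for LAN hosts leaving via the external interface.
    # Matching on -o $EX_IF (not the LAN interface) is what rewrites the
    # packets that actually go out to the router.
    ipt -t nat -A POSTROUTING -s "$LAN" -o "$EX_IF" -j SNAT --to-source "$EX_IP"

    # Forwarding: new connections only from the LAN, replies for any
    # existing connection. Without the second rule the FORWARD DROP policy
    # discards the answers coming back in on $EX_IF.
    ipt -A FORWARD -i "$IN_IF" -s "$LAN" -o "$EX_IF" -j ACCEPT
    ipt -A FORWARD -i "$EX_IF" -o "$IN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Traffic to the firewall itself: loopback, the LAN, and replies on the
    # external side. New inbound connections from the internet stay dropped.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -i "$IN_IF" -s "$LAN" -j ACCEPT
    ipt -A INPUT -i "$EX_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Traffic generated by the firewall itself.
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A OUTPUT -o "$IN_IF" -j ACCEPT
    ipt -A OUTPUT -o "$EX_IF" -j ACCEPT
}

# Number of iptables commands the rule set consists of (quick sanity check).
count_rules() {
    build_rules | wc -l | tr -d ' '
}

apply_firewall() {
    if [ "$DRY_RUN" != 1 ]; then
        # Forwarding must be enabled in the kernel or the FORWARD chain is never consulted.
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
    build_rules
}

if [ "${FW_RUN:-0}" = 1 ]; then
    apply_firewall
fi
```

The rule set deliberately trusts nothing arriving on the external interface except replies, so anything that needs an inbound connection to a LAN host (some IM file transfers, for example) will additionally need a DNAT rule in PREROUTING plus a matching FORWARD ACCEPT, which is outside what the reply describes.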
