I found a script in the nano (Julian's page) like this:

# create the user-defined chains first, so the jumps below have a target
iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A keep_state -j RETURN
iptables -t nat -N keep_state
iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A keep_state -j RETURN

# IFE1 and NW1 are the script's placeholders for the outgoing interface and the network
iptables -t nat -A POSTROUTING -o IFE1 -s NW1/24 -j MASQUERADE
iptables -t nat -A PREROUTING -j keep_state
iptables -t nat -A POSTROUTING -j keep_state
iptables -t nat -A OUTPUT -j keep_state
iptables -t filter -A INPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state
iptables -t filter -A OUTPUT -j keep_state
The first packet arrived and the packet matches the "state" (for example) in table prerouting nat, then it will jump to the keep_state table. Is it the same that the packet will be accepted (in this case, because it was matched by the match state related,established) on table prerouting nat? In other words, let's say: "iptables -t NAT -A PREROUTING -j ACCEPT"? What will the packet do? And what next?

Thanks,
Harry
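The jump, ACCEPT and RETURN behaviour asked about above, as an added Python model that is not part of the original post or of the script it quotes. The chain contents are transcribed from the filter-table rules in the post; the DROP policy, the function names and the packet states are assumptions made for the demonstration. The model covers one built-in chain of one table, so an ACCEPT here only ends traversal of that chain; the packet still passes through the later tables and hooks.

```python
# Added illustration: rule traversal inside ONE table for ONE built-in chain.
# Rules mirror the filter-table part of the script in the post.
CHAINS = {
    "FORWARD": [
        {"target": "keep_state"},                      # -A FORWARD -j keep_state
    ],
    "keep_state": [
        {"states": {"RELATED", "ESTABLISHED"}, "target": "ACCEPT"},
        {"target": "RETURN"},                          # -A keep_state -j RETURN
    ],
}
BUILTIN_POLICY = {"FORWARD": "DROP"}  # assumed policy, not given in the post


def walk(chain, ctstate, trace):
    """Return a final verdict, or None when control goes back to the caller."""
    for number, rule in enumerate(CHAINS[chain], 1):
        if "states" in rule and ctstate not in rule["states"]:
            continue                      # rule does not match, try the next one
        target = rule["target"]
        trace.append(f"{chain}#{number}->{target}")
        if target in ("ACCEPT", "DROP"):
            return target                 # terminal: no further rules in this table
        if target == "RETURN":
            return None                   # resume in the calling chain
        verdict = walk(target, ctstate, trace)   # jump into a user-defined chain
        if verdict is not None:
            return verdict
    return None                           # end of chain acts like RETURN


def verdict_for(builtin, ctstate):
    """Walk a built-in chain; the policy applies if no rule gave a verdict."""
    trace = []
    verdict = walk(builtin, ctstate, trace)
    if verdict is None:
        verdict = BUILTIN_POLICY[builtin]
        trace.append(f"{builtin} policy->{verdict}")
    return verdict, trace


if __name__ == "__main__":
    for state in ("ESTABLISHED", "NEW"):   # constructed sample packet states
        print(state, *verdict_for("FORWARD", state))
```
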
