hi,
I want to know whether it is possible to NAT a packet from the LAN to the Internet without putting a rule in the FORWARD chain, because every time I do NAT I also need a FORWARD rule that allows the packet to be forwarded.

# $LAN, $HIGHPORTS and $IFIP_ppp0 are set earlier in the script (not shown here).
iptables -F
iptables --table nat -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# 6665: LAN -> Internet, outbound connection to TCP port 6665
iptables -A FORWARD --in-interface eth0 --out-interface ppp0 --protocol tcp --source $LAN ! --destination $LAN --sport $HIGHPORTS --dport 6665 -j ACCEPT

# Do I really need this rule ??
# Or can an attacker get into my LAN with this rule, using source port 6665 ?
# Internet -> LAN, return traffic matched only by source port 6665
iptables -A FORWARD --in-interface ppp0 --out-interface eth0 --protocol tcp ! --source $LAN --destination $LAN --sport 6665 --dport $HIGHPORTS -j ACCEPT

# Rewrite the LAN source address to the ppp0 address on the way out
iptables --table nat -A POSTROUTING --out-interface ppp0 --protocol tcp --source $LAN ! --destination $LAN --sport $HIGHPORTS --dport 6665 -j SNAT --to $IFIP_ppp0

Thanks for reading this and sorry for my bad English
sebastian
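To see why the return-path rule above matters, here is an added example (not part of the post) that models how the FORWARD chain, with policy DROP, treats an inbound packet under the post's stateless source-port-6665 rule versus a conntrack-based rule; $LAN is assumed to be 192.168.1.0/24 and $HIGHPORTS to be 1024-65535, and all addresses and connection state are constructed.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed value of $LAN
HIGHPORTS = range(1024, 65536)                 # assumed value of $HIGHPORTS


@dataclass(frozen=True)
class Packet:  # as the FORWARD chain sees it, after PREROUTING has undone any NAT
    in_if: str
    out_if: str
    src: str
    dst: str
    sport: int
    dport: int


def in_lan(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN


def stateless_return_rule(pkt: Packet, conntrack: frozenset) -> bool:
    """Post's inbound rule: Internet host, sport 6665, LAN high port; connection state is never checked."""
    return (pkt.in_if == "ppp0" and pkt.out_if == "eth0"
            and not in_lan(pkt.src) and in_lan(pkt.dst)
            and pkt.sport == 6665 and pkt.dport in HIGHPORTS)


def stateful_return_rule(pkt: Packet, conntrack: frozenset) -> bool:
    """Models '-m state --state ESTABLISHED,RELATED': accept only replies to a flow the LAN host opened."""
    flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # original direction: LAN host -> remote
    return pkt.in_if == "ppp0" and pkt.out_if == "eth0" and flow in conntrack


def forward(pkt: Packet, rule, conntrack: frozenset = frozenset()) -> str:
    """Policy FORWARD DROP: the packet is forwarded only if the return rule matches."""
    return "ACCEPT" if rule(pkt, conntrack) else "DROP"


def demo() -> dict:
    # Constructed state: LAN host 192.168.1.10:40000 opened a connection to 203.0.113.5:6665 via SNAT.
    conntrack = frozenset({("192.168.1.10", 40000, "203.0.113.5", 6665)})
    reply = Packet("ppp0", "eth0", "203.0.113.5", "192.168.1.10", 6665, 40000)
    # Constructed unsolicited packet: no LAN host ever talked to 198.51.100.7, but its sport is 6665.
    unsolicited = Packet("ppp0", "eth0", "198.51.100.7", "192.168.1.20", 6665, 3389)
    return {
        "reply/stateless": forward(reply, stateless_return_rule, conntrack),
        "reply/stateful": forward(reply, stateful_return_rule, conntrack),
        "unsolicited/stateless": forward(unsolicited, stateless_return_rule, conntrack),
        "unsolicited/stateful": forward(unsolicited, stateful_return_rule, conntrack),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24} -> {verdict}")
```

The legitimate reply passes both rules, but the unsolicited packet passes only the stateless one: the nat table only rewrites addresses, so the FORWARD chain is where the decision is made, and matching on connection state rather than a fixed source port is what keeps the inbound hole closed.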
