On Thursday 05 September 2002 09:13 pm, Teodor Georgiev wrote:
> ----- Original Message -----
> From: "Mike Burger"
>
> > It works just fine, and isn't difficult, at all:
> >
> > iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport xxxx -j DNAT --to-destination xxx.xxx.xxx.xxx
> > iptables -A FORWARD -p tcp --dport xxxx -m state --state NEW -d xxx.xxx.xxx.xxx -j ACCEPT
>
> When you do port forwarding, it is not needed to put an ACCEPT chain
> for INPUT or FORWARD.

Unless your default policy is to drop connections, as it probably should
be. I don't believe my rules work without jumping to the ACCEPT chain
from the FORWARD chain. If that's incorrect, please enlighten me. I need
a good excuse to rewrite my firewall rules. ;)

--
-Michael

pgp key: http://www.tuxfan.homeip.net:8080/gpgkey.txt
Red Hat Linux 7.{2,3} in 8M of RAM: http://www.rule-project.org/
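
An added example, not part of the original thread or any poster's rules: a small Python audit of `iptables-save` output that reports DNAT targets which a default-DROP FORWARD policy would block because no FORWARD rule accepts their NEW packets. The function names, the sample rulesets, and the address 192.168.1.10 and port 8080 are constructed for illustration; the state match is assumed to be written as `-m state --state`, as in the thread.

```python
# Added example: flag DNAT rules that a default-DROP FORWARD policy would block.
def opts_of(tokens):
    """Map each option flag to its argument ('' when it takes none)."""
    pairs = zip(tokens, tokens[1:] + [""])
    return {t: ("" if n.startswith("-") else n) for t, n in pairs if t.startswith("-")}

def parse_save(text):
    """Return ({(table, chain): policy}, [(table, chain, opts)])."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok = line.split()
            rules.append((table, tok[1], opts_of(tok[2:])))
    return policies, rules

def unforwarded_dnat(text):
    """List (ip, port) DNAT targets lacking a FORWARD ACCEPT rule for NEW packets."""
    policies, rules = parse_save(text)
    if policies.get(("filter", "FORWARD")) != "DROP":
        return []  # policy ACCEPT: forwarded packets pass without an explicit rule
    missing = []
    for table, chain, o in rules:
        if (table, chain, o.get("-j")) != ("nat", "PREROUTING", "DNAT"):
            continue
        ip, _, port = o["--to-destination"].partition(":")
        port, proto = port or o.get("--dport"), o.get("-p")
        # Simplification: a missing -p/-d/--dport/--state is a wildcard; -i/-o and "!" are ignored.
        if not any(t == "filter" and c == "FORWARD" and f.get("-j") == "ACCEPT"
                   and f.get("-p", proto) == proto
                   and f.get("-d", ip).split("/")[0] == ip
                   and f.get("--dport", port) == port
                   and "NEW" in f.get("--state", "NEW").split(",")
                   for t, c, f in rules):
            missing.append((ip, port))
    return missing

# Constructed iptables-save fragments; the address and port are sample values.
NAT = ("*nat\n:PREROUTING ACCEPT [0:0]\n-A PREROUTING -i ppp0 -p tcp -m tcp "
       "--dport 8080 -j DNAT --to-destination 192.168.1.10:8080\nCOMMIT\n")
DROP_ONLY = ("*filter\n:FORWARD DROP [0:0]\n"
             "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\nCOMMIT\n")
WITH_ACCEPT = DROP_ONLY.replace("COMMIT", "-A FORWARD -d 192.168.1.10/32 -p tcp "
                                "-m tcp --dport 8080 -m state --state NEW -j ACCEPT\nCOMMIT")
```

Calling `unforwarded_dnat(NAT + DROP_ONLY)` reports the forwarded target as blocked, while `unforwarded_dnat(NAT + WITH_ACCEPT)` returns an empty list.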