On 12/3/02 11:48 AM, "Jack Bowling" <[EMAIL PROTECTED]> tapped the keys:

> ** Reply to message from Edward Marczak <[EMAIL PROTECTED]> on Tue, 03 Dec 2002
> 09:45:10 -0500
> 
> A couple of nitpicks:
> 
>> If you're using SNAT/Masquerading and have forwarding enabled, try this:
>> 
>> iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -m state --state
>> NEW,ESTABLISHED,RELATED -j ACCEPT
> 
> This should always be preceded by this line which ensures only SYN packets are
> seen as NEW:

Agreed.  The lines I posted were a small part of a script that I threw
together.  I have that line earlier in my script.  Good advice.

> When natting to another box, one doesn't have to specify the natted port if it
> is the same port as the original. IOW, you could have left off the :80 after
> --to int.ip.add.ress and it would have been shunted to port 80 anyway.

Right.  I do this in a generic way in my script so I can read source ip and
port, dest ip and port from a file.

Good to point out for the uninitiated.
-- 
Ed Marczak
[EMAIL PROTECTED]



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
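
An added example (not from Ed Marczak's script or from the thread) of the file-driven approach the message mentions: a shell function that reads port-forward mappings and prints the matching DNAT and FORWARD rules, leaving off the `:port` suffix when the port is unchanged. The mapping layout, the `gen_rules` name, the sample addresses and the use of `--to-destination` are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) DNAT + FORWARD rules from a mapping list.
# Assumed line format: proto public_port internal_ip internal_port
EXT_IF=eth0   # outside interface, as in the thread's FORWARD rule
INT_IF=eth1   # inside interface

gen_rules() {
    # Reads mappings on stdin, writes iptables commands on stdout.
    while read -r proto pport ip iport; do
        case "$proto" in ''|'#'*) continue ;; esac       # blanks, comments
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; return 1 ;;
        esac
        # Reject anything but digits and dots so a malformed file cannot
        # smuggle extra options or shell syntax into the generated rules.
        case "$ip" in ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;; esac
        for p in "$pport" "$iport"; do
            case "$p" in ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;; esac
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                echo "port out of range: $p" >&2; return 1
            fi
        done
        # Same port on both sides: the :port suffix is redundant, leave it off.
        if [ "$pport" = "$iport" ]; then target=$ip; else target="$ip:$iport"; fi
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $proto --dport $pport -j DNAT --to-destination $target"
        # FORWARD is evaluated after DNAT, so it must match the rewritten
        # (internal) address and port, not the public port.
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p $proto -d $ip --dport $iport -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
}

# Constructed sample mappings (addresses are illustrative).
SAMPLE='# proto public_port internal_ip internal_port
tcp 80 192.168.1.10 80
tcp 8080 192.168.1.11 80'
printf '%s\n' "$SAMPLE" | gen_rules
```

Review the printed rules before piping them to a shell; adding `-d` to the FORWARD rule limits each opening to the one internal host being published.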