Hi Loong,

It looks like you've got few replies, but there are a couple of tricky bits I thought might need helping. Here are the firewall rules you'll need...

iptables -A INPUT -p tcp --dport ssh -d 203.115.x.x -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --dport ssh -d 203.115.x.x -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --sport ssh -s 203.115.x.x -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport ssh -s 203.115.x.x -m state --state ESTABLISHED -j ACCEPT

Usually all bridge firewall rules are applied at the FORWARD chain only.
From my experience, for packets destined directly to and from the bridge, such as SSH, you also need the input and output chains or it won't work.

To increase security you might want to restrict access from only one or two remote clients from the internal interface, e.g.

iptables -A INPUT -i eth0 -p tcp --dport ssh -s 203.115.remote.pc -d 203.115.x.x -m state --state NEW,ESTABLISHED -j ACCEPT
...
iptables -A OUTPUT -o eth0 -p tcp --sport ssh -d 203.115.remote.pc -s 203.115.x.x -m state --state ESTABLISHED -j ACCEPT

Hope you get there!

Cheers,

Lewis Shobbrook

MCSE
FastTrack Pty. Ltd.
Lvl 12, 499 St. Kilda Rd, Melbourne VIC Australia 3004
Phone: +61 3 9866 8700
Fax: +61 3 9820 0276
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
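
Added example (not part of the message above): a shell helper that prints, without applying, the restricted INPUT/OUTPUT rule pairs from the message for several management clients, and refuses to emit anything if an address is malformed. The function names and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders; eth0 is the interface named in the message.

```shell
#!/bin/sh
# Added example: print (do not apply) the INPUT/OUTPUT rule pairs that let
# only listed management clients reach SSH on the bridge's own address.
# All addresses used here are constructed placeholders (RFC 5737 ranges).

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so a typo
# or a stray option can never end up inside a generated rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_mgmt_rules BRIDGE_IP IFACE CLIENT...: emit one INPUT and one OUTPUT
# rule per client. Every argument is validated before any rule is printed.
ssh_mgmt_rules() {
    [ "$#" -ge 3 ] || { echo "usage: ssh_mgmt_rules BRIDGE_IP IFACE CLIENT..." >&2; return 1; }
    bridge_ip=$1 iface=$2
    shift 2
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    is_ipv4 "$bridge_ip" || { echo "bad bridge address: $bridge_ip" >&2; return 1; }
    for client in "$@"; do
        is_ipv4 "$client" || { echo "bad client address: $client" >&2; return 1; }
    done
    for client in "$@"; do
        echo "iptables -A INPUT -i $iface -p tcp --dport ssh -s $client -d $bridge_ip -m state --state NEW,ESTABLISHED -j ACCEPT"
        echo "iptables -A OUTPUT -o $iface -p tcp --sport ssh -s $bridge_ip -d $client -m state --state ESTABLISHED -j ACCEPT"
    done
}

# Constructed sample: bridge at 192.0.2.1, two allowed admin workstations.
ssh_mgmt_rules 192.0.2.1 eth0 198.51.100.10 198.51.100.11
```

The output can be reviewed and then piped to a root shell; the FORWARD rules for traffic passing through the bridge are separate and are not generated here.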
