On Tue, Jul 03, 2001 at 02:39:22AM -0500, S . Salman Ahmed wrote:
> $IPTABLES -t nat -A PREROUTING\
>  -i eth0 -s <SomeIPAddress>\
>  -p tcp -d <CableISPassignedIPaddress>\
>  --dport 22 -j DNAT --to 192.168.1.2

That looks fine.

> $IPTABLES -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

Only looked at your rule set briefly but I think that is the line that is killing you. You will need a line to specifically forward tcp blabla.. (basically matching your DNAT rule) to your internal address.

P.S. Your configuration appears to be of the "default accept" nature, rather than "default drop." I would recommend a complete re-write to drop and log by default, and then write rules to allow just those things you need. :)

But hopefully the above answers your actual question.

-- 
Jim B. [EMAIL PROTECTED]
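A sketch of the layout the reply describes, added here as an example and not taken from either poster's rule set: default-drop FORWARD policy, an ACCEPT that mirrors the DNAT rule, and logging of whatever falls through. The two addresses are constructed placeholders for the values elided in the thread, and the script only prints the rules unless `IPTABLES` is set to the real binary.

```shell
#!/bin/sh
# Added example. Dry run by default: rules are printed, not applied.
# To apply, run as root with IPTABLES=/sbin/iptables in the environment.
IPTABLES="${IPTABLES:-echo iptables}"

# Constructed placeholder values; the thread elides the real addresses.
EXT_IF="eth0"
TRUSTED_SRC="203.0.113.10"   # stands in for <SomeIPAddress>
EXT_IP="198.51.100.20"       # stands in for <CableISPassignedIPaddress>
SSH_HOST="192.168.1.2"       # internal host from the quoted DNAT rule

forward_ruleset() {
    # Default drop: a packet that matches no ACCEPT below is discarded.
    $IPTABLES -P FORWARD DROP

    # The DNAT rule from the thread, unchanged in meaning.
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -s "$TRUSTED_SRC" \
        -p tcp -d "$EXT_IP" --dport 22 -j DNAT --to "$SSH_HOST"

    # Packets of connections that were already allowed.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # PREROUTING runs before FORWARD, so FORWARD sees the rewritten
    # destination (the internal host), not the external address.
    # With -A, this must be added before any broader DROP such as the
    # quoted "--state NEW,INVALID -j DROP" rule, or it never matches.
    $IPTABLES -A FORWARD -i "$EXT_IF" -s "$TRUSTED_SRC" \
        -p tcp -d "$SSH_HOST" --dport 22 -m state --state NEW -j ACCEPT

    # Further ACCEPT rules for other needed traffic would go here.

    # Log what is about to hit the DROP policy.
    $IPTABLES -A FORWARD -j LOG --log-prefix FWD-DROP:
}

forward_ruleset
```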

