Hello James, Thanks for u'r reply. IM works fine (ap per u'r rules). My problem is can't able to communicate over voice. i.e.Voice chat is not possible. how to overcome this.plz help me. it's very urgent. thanks a lot.... regs, -shadha
> > My lan n/w is 192.168.1.0/24(eth0 192.168.1.24) and > > internet iface has ip address 172.16.1.111 which is connected to > router. > > A windows m/c which is behind the firewall has ip address > 192.168.1.135 & windows m/c > > outside the firewall has ip address is 172.16.1.100. I've set > > the below rules in the firewall m/c. > > > > /sbin/iptables -A FORWARD -o eth0 -p all -s > 192.168.1.135/255.255.255.255 -j ACCEPT > > /sbin/iptables -t nat -A POSTROUTING -o eth0 -p all -d 0/0 -j SNAT > --to 172.16.1.111 > > I'm getting error in msn messenger from the m/c outside the firewall > as > > If you play it safe and DROP all packets you will need the following > rules > > iptables -P INPUT DROP > iptables -P OUTPUT DROP > iptables -P FORWARD DROP > > Firstly you need to setup masquerading on the internal LAN > > iptables -t nat -A POSTROUTING -o $OUT_IF -j SNAT --to-source $OUT_IP > > You will need to allow specific packets on the INPUT / OUTPUT and > FORWARD chains > > iptables -A OUTPUT -p ALL -s $LAN -j ACCEPT > iptables -A OUTPUT -p ALL -s $LO -j ACCEPT > iptables -A OUTPUT -p ALL -s $EX_IP -j ACCEPT > > iptables -A FORWARD -i $IN_IF -j ACCEPT > > iptables -A INPUT -p ALL -i lo -j ACCEPT > iptables -A INPUT -p ALL -i $IN_IF -j ACCEPT > iptables -A INPUT -p ALL -i $EX_IF -m state --state ESTABLISHED,RELATED -j ACCEPT > > This should get you a usable packet filter I use a similar setup here > with great success with IM > > Regards > James _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
