On Wednesday 26 June 2002 8:41 am, Loc Huynh wrote: > Hi all, > > I finally had the iptables 1.2.6a installed and it's working great (on > Redhat 7.3) > However, I have a small problem. > I have the following setup for forwarding on port 80 to our IIS web server. > > $IPTABLES -A FORWARD -i $INTERNALIF -p tcp --dport 80 -j ACCEPT > $IPTABLES -A PREROUTING -t nat -p tcp -d $INTERNALIP --dport 80 -j DNAT > --to-destination $HTTPFWDIP:80 > > The above worked fine if I have the "FORWARD" to be open to ACCEPT > ie: $IPTABLES -P FORWARD ACCEPT > > Of course, I don't want the default is open to "ACCEPT", is there anyway to > avoid this please ?
$IPTABLES -A FORWARD -i $EXTERNALIF -d $HTTPFWDIP -p tcp --dport 80 -j ACCEPT ie: Allow packets from the external interface in to your web server. Antony.
