---------- Original Message ----------------------------------
From: Mark Tessier <[EMAIL PROTECTED]>
Date: Mon, 8 Jul 2002 12:32:23 -0400

>The first thing I did was to set the policy to drop for the forward chain as in:
>
>iptables --policy FORWARD DROP
>
>Next, I tried to open one door on the forward chain, allowing icmp packets of the echo request type to ping any other machine as in:
>
>iptables -A FORWARD -o eth0 -p icmp --icmp-type echo-request -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
>
>The result is, it doesn't work.
>

No, it won't. You aren't letting the return packet of echo-reply back through. I would do it with this:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

You could add the interface and protocol if you'd like.

>Thanks,
>
>Mark
>
>

lance
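
Added example (not part of the original messages, and not netfilter code): a simplified Python model of FORWARD-chain evaluation with ICMP connection tracking, showing why the echo-reply is dropped when only the NEW rule exists and passes once the ESTABLISHED,RELATED rule is added. The host addresses, the `eth1` LAN-side interface and all function names are assumptions made for the illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")
# Rule from the question: NEW echo-requests from the LAN leaving via eth0.
RULE_NEW = {"out": "eth0", "type": "echo-request", "src": LAN, "states": {"NEW"}}
# Rule from the reply: anything belonging to an already tracked flow.
RULE_EST = {"states": {"ESTABLISHED", "RELATED"}}

def track(conntrack, pkt):
    """Return the packet's state; flag a flow as replied once its echo-reply is seen."""
    fwd = (pkt["src"], pkt["dst"], pkt["id"])
    rev = (pkt["dst"], pkt["src"], pkt["id"])
    if pkt["type"] == "echo-request":
        return "ESTABLISHED" if conntrack.get(fwd) else "NEW"
    if rev in conntrack:            # echo-reply answering a tracked request
        conntrack[rev] = True
        return "ESTABLISHED"
    return "INVALID"                # unsolicited echo-reply

def matches(rule, pkt, state):
    """True when every field the rule specifies matches the packet and its state."""
    if "out" in rule and rule["out"] != pkt["out"]:
        return False
    if "type" in rule and rule["type"] != pkt["type"]:
        return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    return state in rule["states"]

def forward(rules, conntrack, pkt):
    """Evaluate one packet against the rules; the chain policy is DROP."""
    state = track(conntrack, pkt)
    verdict = "ACCEPT" if any(matches(r, pkt, state) for r in rules) else "DROP"
    if verdict == "ACCEPT" and state == "NEW":
        # A flow is only remembered if its first packet was let through.
        conntrack[(pkt["src"], pkt["dst"], pkt["id"])] = False
    return state, verdict

def ping(rules):
    """Send one constructed echo-request and its echo-reply through the chain."""
    conntrack = {}
    request = {"src": "192.168.0.10", "dst": "203.0.113.5", "id": 1,
               "type": "echo-request", "out": "eth0"}
    reply = {"src": "203.0.113.5", "dst": "192.168.0.10", "id": 1,
             "type": "echo-reply", "out": "eth1"}   # eth1: assumed LAN interface
    return [forward(rules, conntrack, request), forward(rules, conntrack, reply)]

if __name__ == "__main__":
    print(ping([RULE_NEW]))            # reply is tracked, but no rule matches it
    print(ping([RULE_NEW, RULE_EST]))  # reply matches the ESTABLISHED rule
```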
