If you're using iptables in the init.d scripts, just try to add [0:0] in front of each FORWARD accept in your /etc/sysconfig/iptables.

..sample..

:FORWARD DROP [0:0]
:INPUT DROP [0:0]
[0:0] -A FORWARD -s SOMEIP -p tcp -m tcp -j ACCEPT

HTH
jm

On Thursday 18 March 2004 15:16, Jesus, Jr. C. Enerio wrote:
> Pluggers, just a question re: firewall. The default rule of our
> gateway/firewall/proxy is INPUT & OUTPUT: ALLOW, then FORWARD: DENY. In the
> last few days we had the need to port forward port 8443 to the net. I was
> able to do this using:
>
> iptables -t nat -A PREROUTING -p tcp -d $WAN_IP --dport 8443 -j DNAT --to 192.9.200.5:8443
> iptables -t nat -A POSTROUTING -d 192.9.200.5 -j SNAT --to 192.9.200.14
>
> But doing so requires me to change the FORWARD rule to ALLOW (according
> to what I read).
>
> Are there iptables commands I need to execute before the 2 commands above
> to enable me to revert back to FORWARD: DENY and still enable the port
> forwarding function?
>
> Thanks and God bless.
>
> Jess

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
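
Added example, not part of the original thread: a shell function that prints an iptables-restore ruleset which keeps the FORWARD policy at DROP and admits only the DNATed port 8443 flow plus its return traffic. The function name gen_rules, the conntrack matches and the narrowing of the SNAT rule to the forwarded port are assumptions of this example; the internal addresses are the ones from the question and the WAN address in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Usage (WAN address is a constructed placeholder):
#   sh gen_rules.sh 203.0.113.10 192.9.200.5 8443 192.9.200.14

# gen_rules WAN_IP LAN_HOST PORT GW_LAN_IP
# Prints the ruleset on stdout; returns 1 on malformed arguments.
gen_rules() {
    wan_ip=$1 lan_host=$2 port=$3 gw_lan_ip=$4
    # Addresses: digits and dots only, so nothing else reaches the ruleset.
    for addr in "$wan_ip" "$lan_host" "$gw_lan_ip"; do
        case $addr in
            ''|*[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
    done
    # Port: decimal number in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1; }

    # [0:0] after a chain policy is the packet:byte counter pair.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d $wan_ip -p tcp -m tcp --dport $port -j DNAT --to-destination $lan_host:$port
-A POSTROUTING -d $lan_host -p tcp -m tcp --dport $port -j SNAT --to-source $gw_lan_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic of connections that were already admitted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# FORWARD sees the packet after DNAT, so match the internal address.
-A FORWARD -d $lan_host -p tcp -m tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset only when called with the four arguments.
if [ "$#" -eq 4 ]; then
    gen_rules "$@"
fi
```

Piping the output to `iptables-restore --test` parses it without committing; a real load replaces the existing nat and filter rules unless `--noflush` is given.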
