Henrik Nordstrom wrote:
> Your INPUT and OUTPUT rules look a little odd.. but as you did not
> include the full ruleset it is hard to tell.. (iptables -L only gives
> a summary of the rules.. it is better to use iptables-save)
Thanks a lot, Henrik, for taking an interest in my problem :-)

Here are my iptables rules (eth0 192.168.200.1/16 - eth1 10.0.0.1 on ADSL-modem ethernet - workstations are on 192.168.200.10 to 60/16).

Best regards,
Vincent

#!/bin/sh
# #############################################
# Flush the chains
iptables -F
# Delete any user-defined chains
iptables -X
# Default policy: DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Same for the nat and mangle tables, but they point to ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
# The server is on
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# The LAN is on
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
# Open ssh
iptables -A INPUT -p tcp --dport 22 -i ppp0 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -o ppp0 -j ACCEPT
# Set up NAT for
# everything that crosses the gateway
# and leaves via ppp0
# the LAN is on 192.168.0.0
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o ppp0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
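As an added example (not part of this thread), a small Python audit over an iptables-save style dump that flags DROP-policy chains with no ESTABLISHED,RELATED accept rule for a given interface. Read that way, the INPUT and OUTPUT chains above only let ppp0 carry inbound SSH, so anything the gateway itself opens toward the Internet is dropped even though FORWARD handles the LAN correctly. SAMPLE is a constructed dump mirroring the posted rules, not output captured from the poster's host.

```python
# Added audit helper (not from the thread). SAMPLE is a constructed
# iptables-save style dump of the *filter table mirroring the rules posted above.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 22 -j ACCEPT
COMMIT
"""


def parse_filter(dump):
    """Return ({chain: policy}, [(chain, rule)]) for the *filter table only."""
    policies, rules, in_filter = {}, [], False
    for line in dump.splitlines():
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif in_filter and line.startswith("-A "):
            rules.append((line.split()[1], line))
    return policies, rules


def rule_covers(rule, flag, iface):
    """True if the rule applies to iface: explicit -i/-o match, or none given."""
    toks = rule.split()
    return toks[toks.index(flag) + 1] == iface if flag in toks else True


def missing_state_rules(dump, ifaces=("ppp0",)):
    """List (chain, iface) pairs where a DROP policy has no stateful ACCEPT,
    i.e. replies to connections the host opens on iface would be dropped."""
    policies, rules = parse_filter(dump)
    findings = []
    for chain, flag in (("INPUT", "-i"), ("OUTPUT", "-o")):
        if policies.get(chain) != "DROP":
            continue
        for iface in ifaces:
            if not any(c == chain and "ESTABLISHED" in r and r.endswith("-j ACCEPT")
                       and rule_covers(r, flag, iface) for c, r in rules):
                findings.append((chain, iface))
    return findings
```

Each finding corresponds to a missing `iptables -A <chain> -m state --state ESTABLISHED,RELATED -j ACCEPT`; the check only looks for stateful rules, so pass it the interfaces you actually restrict rather than ones accepted unconditionally.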
