Port forwarding not working (nfcan: to exclusive)
neil at JAMMConsulting.com
Sun Apr 29 06:56:33 CEST 2007
Jim:
> The outside should be able to initiate
> so the first rule looks good:
>
> /sbin/iptables -A FORWARD -i eth0 -o eth1 -d $LINKSYS_VPN_IP \
>     -p tcp --sport 1024: --dport 1723 \
>     -m state --state NEW,ESTABLISHED -j ACCEPT
>
> But you need to accept the return packets.
> How about this for the return pattern:
>
> /sbin/iptables -A FORWARD -i eth1 -o eth0 -s $LINKSYS_VPN_IP \
>     -p tcp --sport 1723 \
>     -m state --state ESTABLISHED -j ACCEPT
That is my point. Without this rule, I should see packets
hitting the firewall in the log. I don't see them.
I can add this rule, but I don't think the return packets are
coming back correctly.
> The accept in the nat postrouting can be removed.
I need that as I also set the nat postrouting to drop
by default.
Would it help to see my entire firewall script?
Thanks,
Neil
--
Neil Aggarwal
JAMM Consulting, Inc.
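As an added example, not the script from Neil's or Jim's messages: a minimal rule set for the setup discussed in this thread, assuming eth0 is the outside interface, eth1 the inside one, and $LINKSYS_VPN_IP the internal PPTP server (the address used is a constructed sample). It goes beyond the thread in two ways: it also forwards GRE, which PPTP needs alongside TCP 1723, and it ends the FORWARD chain with a LOG rule so that packets the rules miss show up in syslog instead of vanishing into the DROP policy.

```shell
#!/bin/sh
# Added example, not the poster's firewall script. Assumed names:
# eth0 = outside, eth1 = inside, LINKSYS_VPN_IP = internal PPTP server.
# Set DRY_RUN=1 to print the iptables commands instead of applying them.
IPTABLES="${IPTABLES:-/sbin/iptables}"
OUTSIDE="${OUTSIDE:-eth0}"
INSIDE="${INSIDE:-eth1}"
LINKSYS_VPN_IP="${LINKSYS_VPN_IP:-192.168.1.10}"   # constructed sample address

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

pptp_forward_rules() {
    # Send inbound PPTP control connections (TCP 1723) to the internal server.
    run -t nat -A PREROUTING -i "$OUTSIDE" -p tcp --dport 1723 \
        -j DNAT --to-destination "$LINKSYS_VPN_IP"
    # PPTP also carries the tunnel over GRE (IP protocol 47); forward it too.
    run -t nat -A PREROUTING -i "$OUTSIDE" -p 47 \
        -j DNAT --to-destination "$LINKSYS_VPN_IP"
    # One conntrack rule covers the return direction for both TCP and GRE
    # (with the PPTP conntrack helper loaded, the GRE flow is RELATED).
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New control connections from outside may only reach the forwarded host.
    run -A FORWARD -i "$OUTSIDE" -o "$INSIDE" -d "$LINKSYS_VPN_IP" \
        -p tcp --dport 1723 -m state --state NEW -j ACCEPT
    run -A FORWARD -i "$OUTSIDE" -o "$INSIDE" -d "$LINKSYS_VPN_IP" \
        -p 47 -j ACCEPT
    # Log whatever falls through, so a missing return path is visible in
    # syslog before the chain's DROP policy discards the packet.
    run -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Helper: number of generated rules that contain the given string (dry run).
count_rules() {
    ( DRY_RUN=1; pptp_forward_rules ) | grep -c -- "$1"
}
```

Run with DRY_RUN=1 first to review the generated commands; the LOG line is what makes a broken return path show up in the firewall log that Neil is watching.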