On Sat, 19 Jun 2004, Randy Clarksean wrote:
> Well ... I appreciate all of the generous help and input. What finally
> worked is pasted below.
>
> $IPT -A FORWARD -i eth1 -o eth0 -j ACCEPT

This is rather dangerous - if you misconfigure your NAT table or such,
it'll allow the traffic to be forwarded in. I'd do something like:

$IPT -A FORWARD -i eth1 -o eth0 -p tcp -d 192.168.1.99 --dport 22 -j ACCEPT

..which will only allow that one connection.

> $IPT -A FORWARD -p tcp -j ACCEPT --dport 1025 -m state --state NEW

This one shouldn't be needed, if I'm reading things correctly - nothing
will ever hit the FORWARD table with a dport of 1025, in any case. (It's
rewritten before it gets there).

--
Nate Carlson <natecars at real-time.com> | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
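
Added example, not part of the original message or of either poster's configuration: a small Python model of the order a forwarded packet passes through netfilter (DNAT in PREROUTING, then routing, then FORWARD), run against the three FORWARD rules quoted in the reply above. The DNAT rule itself (eth1 tcp/1025 to 192.168.1.99:22), the LAN prefix on eth0, the DROP policy and the sample packets are assumptions made for illustration.

```python
# Simplified model of the netfilter path for a forwarded packet:
# nat/PREROUTING (DNAT) -> routing decision -> filter/FORWARD.
# Assumptions (not in the thread): the DNAT rule sends eth1 tcp/1025 to
# 192.168.1.99:22, 192.168.1.0/24 sits behind eth0, FORWARD policy is DROP,
# and every sample packet is in state NEW.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")

@dataclass(frozen=True)
class Packet:
    in_if: str
    proto: str
    dst: str
    dport: int
    out_if: str = ""  # filled in by the routing decision

def prerouting(pkt):
    """Assumed DNAT rule: -i eth1 -p tcp --dport 1025 -> 192.168.1.99:22."""
    if (pkt.in_if, pkt.proto, pkt.dport) == ("eth1", "tcp", 1025):
        return replace(pkt, dst="192.168.1.99", dport=22)
    return pkt

def route(pkt):
    """Routing happens after DNAT, so it uses the rewritten destination."""
    return replace(pkt, out_if="eth0" if ip_address(pkt.dst) in LAN else "eth1")

def forward(rules, pkt):
    """A rule is a dict of fields that must all match; any match accepts."""
    hit = any(all(getattr(pkt, k) == v for k, v in r.items()) for r in rules)
    return "ACCEPT" if hit else "DROP"

def verdict(rules, pkt):
    return forward(rules, route(prerouting(pkt)))

# FORWARD rules from the thread, expressed as match dictionaries.
BROAD = [{"in_if": "eth1", "out_if": "eth0"}]
TIGHT = [{"in_if": "eth1", "out_if": "eth0", "proto": "tcp",
          "dst": "192.168.1.99", "dport": 22}]
DPORT_1025 = [{"proto": "tcp", "dport": 1025}]

# Constructed packets: SSH to the firewall's outside address on port 1025
# (203.0.113.10 is a documentation address), and one addressed straight to
# another LAN host.
SSH_VIA_1025 = Packet("eth1", "tcp", "203.0.113.10", 1025)
STRAY = Packet("eth1", "tcp", "192.168.1.50", 445)

if __name__ == "__main__":
    for name, rules in (("broad", BROAD), ("tight", TIGHT), ("dport 1025", DPORT_1025)):
        print(name, verdict(rules, SSH_VIA_1025), verdict(rules, STRAY))
```

Both the broad and the narrowed rule pass the redirected SSH connection, but only the broad one also passes the packet addressed to a different LAN host; the dport 1025 rule matches neither, because FORWARD only ever sees port 22.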