Vineet Kumar wrote:
Looks good to me, though I'd be surprised if it works without also adding this rule [...]:

    iptables -A FORWARD -o $INETDEV -i $LANDEV -s 192.168.1.10 -j ACCEPT \
        -m state --state ESTABLISHED,RELATED

or maybe you already had a more general rule allowing outbound traffic to be forwarded from your lan to the Internet, in which case you don't need to add anything and it should already be working.
Indeed I had a more general rule[2] to let other computers inside the firewall play.
From my experience, though, you're doing things correctly! If there's a better way to do it, I've never seen it.
Whew! Thanks. This was bothering me. It was entirely too easy, so I was certain I'd left some great, gaping hole.
[1] Trying to absorb knowledge from the collective, y'know.
[2] iptables -A FORWARD -i $LANDEV -d $ANYWHERE -m state \
        --state ESTABLISHED,RELATED -j ACCEPT