Re: Opening :80 through a NATing iptables firewall.
I'd just like to say how much you folks on the Debian lists rock. I've
been lurking for quite a while and have seen more helpfulness and
..eh.. cheer(?) towards your fellow users than on any other mailing list.
Vineet Kumar wrote:
Looks good to me, though I'd be surprised if it works without also
adding this rule [...]:
iptables -A FORWARD -o $INETDEV -i $LANDEV -s 192.168.1.10 -j ACCEPT \
-m state --state ESTABLISHED,RELATED
or maybe you already had a more general rule allowing outbound traffic
to be forwarded from your lan to the Internet, in which case you don't
need to add anything and it should already be working.
Indeed I had a more general rule to let other computers inside the
From my experience, though, you're doing things correctly! If there's a
better way to do it, I've never seen it.
Whew! Thanks. This was bothering me. It was entirely too easy, so I
was certain I'd left some great, gaping hole.
 Trying to absorb knowledge from the collective, y'know.
 iptables -A FORWARD -i $LANDEV -d $ANYWHERE -m state \
--state ESTABLISHED,RELATED -j ACCEPT