Re: Opening :80 through a NATing iptables firewall.

I'd just like to say how much you folks on the Debian lists rock. I've been lurking for quite a while[1] and have seen more helpfulness and ..eh.. cheer(?) towards your fellow users than on any other mailing list.

Vineet Kumar wrote:

> Looks good to me, though I'd be surprised if it works without also
> adding this rule [...]:
>
> iptables -A FORWARD -o $INETDEV -i $LANDEV -s -j ACCEPT \
>  -m state --state ESTABLISHED,RELATED
>
> or maybe you already had a more general rule allowing outbound traffic
> to be forwarded from your lan to the Internet, in which case you don't
> need to add anything and it should already be working.

Indeed I had a more general rule[2] to let other computers inside the firewall play.

> From my experience, though, you're doing things correctly! If there's a
> better way to do it, I've never seen it.

Whew! Thanks. This was bothering me. It was entirely too easy, so I was certain I'd left some great, gaping hole.

[1] Trying to absorb knowledge from the collective, y'know.

[2] iptables -A FORWARD -i $LANDEV -d $ANYWHERE -m state \
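
Added example, not part of the original message or of either poster's ruleset: a heuristic check over `iptables -S FORWARD` output that reports whether replies from the LAN are let back out by a general rule, by an ESTABLISHED/RELATED state rule, or by nothing. The listings are constructed, the interface names eth0 (Internet) and eth1 (LAN) and the function name `reply_path` are assumptions, and a DROP policy with no earlier DROP rules is assumed.

```shell
#!/bin/sh
# Constructed `iptables -S FORWARD` listings for three hypothetical firewalls.
# Assumed names: eth0 = Internet side, eth1 = LAN side.
RULES_GENERAL='-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT'

RULES_STATE='-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT'

RULES_MISSING='-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT'

# reply_path RULES LANDEV INETDEV
# Prints "general", "state" or "missing": which kind of FORWARD ACCEPT rule,
# if any, lets packets arriving on LANDEV leave through INETDEV.
# Heuristic: only rules matching on interfaces and conntrack state count;
# rules narrowed by protocol, port or address are ignored as too specific.
reply_path() {
    printf '%s\n' "$1" | awk -v lan="$2" -v inet="$3" '
    $1 == "-A" && $2 == "FORWARD" {
        in_if = out_if = target = state = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = $(++i)
            else if ($i == "-o") out_if = $(++i)
            else if ($i == "-j") target = $(++i)
            else if ($i == "--state" || $i == "--ctstate") state = $(++i)
            else if ($i == "-m") ++i          # skip the match module name
            else other = 1                    # any other match narrows the rule
        }
        if (target != "ACCEPT" || in_if != lan || other) next
        if (out_if != "" && out_if != inet) next
        if (state == "") { found = "general"; exit }
        if (index(state, "ESTABLISHED") && found == "") found = "state"
    }
    END { print (found == "" ? "missing" : found) }'
}

# Run the check over each constructed listing.
for r in "$RULES_GENERAL" "$RULES_STATE" "$RULES_MISSING"; do
    reply_path "$r" eth1 eth0
done
```

A result of "missing" is the case the quoted reply warns about: port 80 is forwarded inward, but the server's answers have no FORWARD rule to leave by.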

