Also does "/etc/init.d/iptables save" reflect the proc->ip_forward setting? Change /etc/network/options, that is where I set this.
What do you mean by this?

    # cat /etc/network/options
    ip_forward=no
    spoofprotect=yes
    syncookies=no

My new script:

    # cat myiptables
    #!/bin/sh

    # Disable forwarding
    echo 0 > /proc/sys/net/ipv4/ip_forward

    # load some modules (if needed)
    #modprobe ip_nat_ftp
    modprobe ip_conntrack_ftp

    # Default rules
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT

    # Flush
    iptables -t nat -F POSTROUTING
    iptables -t nat -F PREROUTING
    iptables -t nat -F OUTPUT
    iptables -F

    # Localhost
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Open ports on router for server/services
    iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 20
    iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21
    iptables -A INPUT -j ACCEPT -p tcp --dport 22
    iptables -A INPUT -j ACCEPT -p tcp --dport 25
    iptables -A INPUT -j ACCEPT -p tcp --dport 80
    iptables -A INPUT -j ACCEPT -p tcp --dport 143
    #iptables -A INPUT -j ACCEPT -p tcp --dport 443
    iptables -A INPUT -j ACCEPT -p tcp --dport 993

    # STATE RELATED for router
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Enable forwarding
    #echo 1 > /proc/sys/net/ipv4/ip_forward
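
An added example, not part of the original posts: ip_forward is a kernel sysctl rather than a netfilter rule, so a saved rule set does not carry it, and a script that writes /proc/sys/net/ipv4/ip_forward can leave the running value different from the boot-time value in /etc/network/options. The sketch below compares the two; it assumes the yes/no options file format shown in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the boot-time ip_forward setting with the runtime value.

# opt_value FILE KEY: print the value of the last KEY=value line in FILE.
opt_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# to_flag VALUE: map the options file's yes/no (or 1/0) to 1/0.
to_flag() {
    case "$1" in
        yes|YES|1) echo 1 ;;
        no|NO|0)   echo 0 ;;
        *)         echo unknown ;;
    esac
}

# check_forwarding OPTIONS_FILE PROC_FILE
# Prints "match N" (returns 0), "drift boot=X runtime=Y" (returns 1),
# or "unreadable" (returns 2).
check_forwarding() {
    opts=$1
    proc=$2
    if [ ! -r "$opts" ] || [ ! -r "$proc" ]; then
        echo "unreadable"
        return 2
    fi
    boot=$(to_flag "$(opt_value "$opts" ip_forward)")
    run=$(tr -d '[:space:]' < "$proc")
    if [ "$boot" = "$run" ]; then
        echo "match $run"
        return 0
    fi
    echo "drift boot=$boot runtime=$run"
    return 1
}

# Constructed sample: the options file from the post, plus a runtime value of 1
# as it would be if the script's final "echo 1" line were uncommented.
demo_dir=$(mktemp -d)
printf 'ip_forward=no\nspoofprotect=yes\nsyncookies=no\n' > "$demo_dir/options"
echo 1 > "$demo_dir/ip_forward"
check_forwarding "$demo_dir/options" "$demo_dir/ip_forward" || :
rm -rf "$demo_dir"

# On a live host (paths taken from the post):
# check_forwarding /etc/network/options /proc/sys/net/ipv4/ip_forward
```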