
Re: Iptables help ..



On Tue, 2004-08-31 at 10:21, debi@niit.edu.pk wrote:
> Hi,
> 
> I am using the following iptables rules for the NAT, but I also want to 
> block outgoing port 25 traffic from the LAN clients. NAT works fine but 
> the outgoing port 25 is still open.
> 
> /sbin/iptables -F -t nat
> /sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 -d ! 10.0.0.0/8 --dport 25 -j REJECT
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> 
> But the outgoing port 25 is still open, can someone tell me what's wrong in 
> these rules?
> 

Filtering for NAT is done on the FORWARD chain. The only reason you
appear to be blocking incoming traffic on 25 is that the port isn't
being forwarded through in the first place. 

You don't need to explicitly block incoming traffic to the LAN because
it only allows traffic for ports specifically set up to forward through
into the LAN.
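
The reply's point as an added example, not part of the original thread: a shell check over an `iptables-save` style dump that reports which filter chain holds the port-25 REJECT/DROP rule. Both dumps are constructed, the function names are hypothetical, and eth0 as the LAN side with eth1 as the masqueraded uplink is assumed from the poster's rules.

```shell
#!/bin/sh
# Added example: find which filter chain carries the port-25 block.
# The dumps are constructed (iptables-save style), not taken from a real host.
# Assumed from the question: eth0 faces the LAN, eth1 is the NATed uplink.

dump() {  # $1 = chain holding the SMTP reject rule, $2 = extra match options
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A $1 -i eth0 $2 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}

# Print the filter-table chains that REJECT or DROP tcp/25 (single --dport only;
# multiport matches and chain policies are not considered). Reads the dump on stdin.
smtp_block_chains() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == "-A" && /--dport 25( |$)/ && /-j (REJECT|DROP)/ {
            if (!seen[$2]++) out = out (out ? " " : "") $2
        }
        END { print out }
    '
}

# Exit 0 only when the block sits on FORWARD, the chain routed LAN traffic crosses.
audit_smtp_egress() {
    chains=$(smtp_block_chains)
    case " $chains " in
        *" FORWARD "*) echo "ok: tcp/25 is blocked on FORWARD"; return 0 ;;
        *" INPUT "*)   echo "misplaced: rule is on INPUT; routed LAN traffic uses FORWARD"; return 1 ;;
        *)             echo "missing: no tcp/25 REJECT/DROP rule in the filter table"; return 2 ;;
    esac
}

# The poster's layout (rule on INPUT), then the layout the reply describes.
dump INPUT '! -d 10.0.0.0/8' | audit_smtp_egress || true
dump FORWARD '-o eth1' | audit_smtp_egress || true
```

On a live gateway the same check can be fed with `iptables-save | audit_smtp_egress`.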
