18 Nov 2001 13:18
Hi,

I haven't got to grips with iptables - on my must-do list - but there is an answer for ipchains/mark forward which may work for you.

For clarity, internet dev is ppp0, dmz is eth1

    ipchains -A input -i ppp0 -p tcp -d ip_of_ppp0 110 -m 110 -j ACCEPT
    ipmasqadm mfw -A -m 110 -r ip_of_dmz_host
    ipchains -A forward -i ppp0 -s ip_of_dmz_host -j MASQ

You can choose any mark you wish. I tend to make it meaningful if I can. The last line may seem a bit strange but it is essential for mfw to work.

You can - and should - add other rules to bolt the communications down, e.g.

    ipchains -A input -i eth1 -p tcp -s ip_of_dmz_host 110 -d any 1024:65535 -j ACCEPT
    ipchains -A input -i eth1 -s ip_of_dmz_host -j DENY

HTH

John