That is what you generally use prerouting for, but I suppose you could use the forward chain as well (if your pc has a public IP address).

The forward chain (with masquerade) is used for "routing" connections through your firewall. IE: If you are masquerading the connections then the following line:

    iptables -A FORWARD -p tcp --dport 22 -s 10.1.1.69 -j ACCEPT

would read: any ssh (port 22) connection that is being routed (forwarded) through the firewall (or router), let through.

The forward chain is mainly used for routers (firewalls that are designed to protect networks) and not for standalone firewalls that are designed to only protect a single machine.

If you have any questions, feel free to let me know.

Hope this helps
Jon Hoffman

On Tuesday 09 December 2003 08:54, BLeonhardt@analytek.de wrote:
hi,
I usually use prerouting for this purpose ...
cu bruno
alexander@mindflayer.de wrote on 09.12.2003 15:59:12:
Hi,
As far as I know, you can use it to reach a pc behind a firewall, for example with ssh (forward port 23 to the ip of the specific pc), or you can use it to forward all requests of a program to a pc (for example a filesharing tool or instant messenger).
Bye Alex
Hi,
Does anybody know what to do with the "forward" chain in the nat table? I know the sense of prerouting and postrouting (I hope ;-)) ... but for what is the "forward" chain?
cu bruno
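Added example, not part of any message in this thread: how the chains discussed above fit together when ssh to an internal host is let through a masquerading router. FORWARD is a chain of the filter table (the nat table has no FORWARD chain), and it only decides whether a routed packet may pass; the address rewriting is done in nat PREROUTING and POSTROUTING. The interface eth0 and public port 2222 are assumed values, 10.1.1.69 is the host from the rule quoted above, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: eth0 (public
# interface) and public port 2222; 10.1.1.69 is the host in the thread's rule.
# Dry run by default: commands are printed. Run as root with APPLY=1 to apply.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# forward_ssh WAN_IF PUBLIC_PORT INTERNAL_IP
forward_ssh() {
    wan_if=$1; pub_port=$2; host=$3

    # Refuse anything that is not a port number or dotted-quad shaped.
    case $pub_port in
        ''|*[!0-9]*|??????*) echo "bad port: $pub_port" >&2; return 1 ;;
    esac
    if [ "$pub_port" -lt 1 ] || [ "$pub_port" -gt 65535 ]; then
        echo "port out of range: $pub_port" >&2; return 1
    fi
    case $host in
        *[!0-9.]*|*..*|.*|*.) echo "bad address: $host" >&2; return 1 ;;
        *.*.*.*.*) echo "bad address: $host" >&2; return 1 ;;
        *.*.*.*) ;;
        *) echo "bad address: $host" >&2; return 1 ;;
    esac

    # filter/FORWARD: drop routed traffic unless a rule below allows it.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # nat/PREROUTING: rewrite the destination before the routing decision.
    run iptables -t nat -A PREROUTING -i "$wan_if" -p tcp --dport "$pub_port" \
        -j DNAT --to-destination "$host:22"

    # filter/FORWARD sees the packet after DNAT, so match the internal
    # address and port 22, not the public port.
    run iptables -A FORWARD -i "$wan_if" -p tcp -d "$host" --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT

    # nat/POSTROUTING: masquerade what leaves through the public interface.
    run iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
}

forward_ssh eth0 2222 10.1.1.69
```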