João Reis wrote:
> What I need now is to add a forward rule to an internal machine, if everything is ok.
> How can I do this?

I cannot comment on whether your iptables code "is OK" because I'm not familiar with the "recent" module. But, I'm pretty sure that this is how you forward port 22 from your public-facing interface to port 22 on an internal, private machine:

    $IPTABLES -t nat -A PREROUTING -i ${public_iface} -p tcp --dport 22 \
        -j DNAT --to-destination ${interal_ip}:22

(Adapted from MonMotha's firewall script, http://monmotha.mplug.org/firewall/index.php.)

--
Bernie Hoefer
PGP e-mail is welcome! Get my 1024 bit signature key from: http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x446A6F93.
"The more I know, the more I realize how much I do not understand."
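The DNAT rule in the reply only rewrites the destination; the rewritten packets then traverse the FORWARD chain rather than INPUT, so forwarding must be enabled and any "recent"-based limit has to sit in FORWARD. The following is an added example, not part of the original post or MonMotha's script: a dry-run generator that prints the complete rule set for review, where the interface, addresses, the `fwd_ssh` list name, the 60-second window and the hit count are all assumptions.

```shell
#!/bin/sh
# Added example: prints rules for review; it does not modify the firewall.
# Interface, addresses, list name and limits are assumptions, not from the thread.
IPTABLES=${IPTABLES:-iptables}

# Succeeds only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules PUBLIC_IFACE INTERNAL_IP PORT HITCOUNT
# Validates every argument before it is interpolated into a rule line.
forward_rules() {
    pub_if=$1; int_ip=$2; port=$3; hits=$4
    case "$pub_if" in ""|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$int_ip" || { echo "bad internal IP" >&2; return 1; }
    for n in "$port" "$hits"; do
        case "$n" in ""|*[!0-9]*) echo "bad number: $n" >&2; return 1 ;; esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] && [ "$hits" -ge 1 ] ||
        { echo "bad port or hit count" >&2; return 1; }
    match="-i $pub_if -p tcp -d $int_ip --dport $port -m conntrack --ctstate NEW"
    cat <<EOF
# Routing between interfaces must be on, or DNAT'd packets are never forwarded.
sysctl -w net.ipv4.ip_forward=1
# The rule from the thread: rewrite the destination before the routing decision.
$IPTABLES -t nat -A PREROUTING -i $pub_if -p tcp --dport $port -j DNAT --to-destination $int_ip:$port
# DNAT'd packets traverse FORWARD, not INPUT, so the rate limit belongs here.
$IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Record each new connection, drop sources reaching the hit count within 60 s.
$IPTABLES -A FORWARD $match -m recent --name fwd_ssh --set
$IPTABLES -A FORWARD $match -m recent --name fwd_ssh --update --seconds 60 --hitcount $hits -j DROP
$IPTABLES -A FORWARD $match -j ACCEPT
EOF
}

# Constructed sample values (assumptions).
forward_rules eth0 192.168.1.10 22 4
```

The output can be reviewed and then run as root; rule order matters, so append it to a FORWARD chain that does not already accept the traffic earlier.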