On Friday 04 August 2006 03:27, wpc wrote:
NNTP works well on my firewall, but doesn't work at all on client computers that reside behind my firewall.
I put this iptables line in my custom firewall script file,
under "fw_custom_after_antispoofing()".
I have:
iptables -N network1_in
iptables -N network1_out
iptables -A FORWARD -i eth2 -o eth1 -j network1_in
iptables -A FORWARD -i eth1 -o eth2 -j network1_out
iptables -t nat -A POSTROUTING -o eth2 -p tcp -s $mynet --sport 1024:65535 -d 0/0 --dport 119 -j SNAT --to $my_ext_ip
iptables -A network1_out -p tcp -s $mynet --sport 1024:65535 -d 0/0 --dport 119 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A network1_in -p tcp -s 0/0 --sport 119 -d $mynet --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
But it still doesn't work. What could be the problem?
Why do you want your internal machines to traverse your firewall to get to an nntp server? The proper thing to do is run your own server on the firewall which is the only machine that would have to bother the public servers.
--
_____________________________________
John Andersen