12 Mar
2002
12 Mar
'02
17:39
Argentium G. Tiger write:
Robert writes:
Add 443 as follows:
FW_SERVICES_EXT_TCP="22 25 53 443" FW_SERVICES_INT_TCP="22 53 443" But those allow port 443 into the firewall itself as opposed to port forwarded machines on the internal network.
Ah, yes. You're right. I forgot destination nat is done before input/forward. It's forst destination nat, then you have a packet for 192.168.0.2, which gets into the FORWARD chain, while FW_SERVICES_* are for the INPUT chain only. Thanks for the remainder. Robert