I just started working with IP filtering through Linux on a Debian system (sarge),
but the attempt to make NAT and firewall separated (well, they are 2 separate tables) is confusing and causing me some problems....
For example, if I want to make sure only certain ports go through, to my AND the other NATed computers (I'm the router for the moment), do I need to make port forwarding in the NAT or should I make a firewall rule, and which overrules which (if I define it in the NAT and not in the firewall, will it still be through, or be through just to the other computers)?
The NAT-howto and ipfilters_howto on the iptables site are good and relatively comprehensive for beginners, but they don't imply how to solve the above issue....
Another question is whether, if you open or forward a port from the computer for communication, let's say hmmmm 4662 ;-P, should I open it also to receive information or it wouldn't work... (TCP works both ways and so does UDP, though for UDP this is not a must...)
It will forward ports 1024 through 5000 to 192.168.0.2 (note the incoming interface in -i).
If the default policy of your input chain is drop, you need to add a rule there that accepts it first.
_________________ Sure linux is user-friendly, it's just picky about who its friends are
I already know how to forward ports... it wasn't my question.... I read the NAT howto, which gives pretty much the same examples as yours... your example NATs ports from the outside to 1024-5000 to the local 192.168.1.2...
First of all, I asked whether it's enough, I mean what about the firewall; if what you mean to say is that in addition I need an extra rule in my firewall, then thanks, you have answered my question (I also assume that no extra rule will be needed for XP).
And more than this, should I also make a postrouting rule and SNAT for these ports in order for communication to work?
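
How the nat and filter tables divide the work discussed in this thread, as an added example that is not part of any post: the script prints an `iptables-restore` ruleset and never touches the live firewall. The interface names (`eth0` for the Internet side, `eth1` for the LAN), the TCP-only match and the router's own port 22 are assumptions; the port range and 192.168.0.2 are the values from the reply.

```shell
#!/bin/sh
# Added example: prints a ruleset for review; nothing is loaded into the kernel.
# Assumed names (not from the thread): eth0 = Internet side, eth1 = LAN side.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_HOST="${LAN_HOST:-192.168.0.2}"   # address used in the reply
PORTS="${PORTS:-1024:5000}"           # port range used in the reply
ROUTER_PORT="${ROUTER_PORT:-22}"      # constructed: a service on the router itself

gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# nat only rewrites addresses; it never decides whether a packet is allowed.
-A PREROUTING -i $WAN_IF -p tcp --dport $PORTS -j DNAT --to-destination $LAN_HOST
# Masquerading is for connections the LAN opens outward. Replies to the
# forwarded ports are un-translated by connection tracking, so no extra
# source-NAT rule is needed for them.
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT sees only packets addressed to the router itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport $ROUTER_PORT -m state --state NEW -j ACCEPT
# FORWARD sees routed packets, including those already rewritten by DNAT,
# so the match is on the post-DNAT destination (the LAN host).
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $LAN_HOST --dport $PORTS -m state --state NEW -j ACCEPT
COMMIT
EOF
}

gen_ruleset
```

A port inside the DNAT range never reaches the router's INPUT chain, because PREROUTING rewrites its destination before the routing decision; that is why the router's own service here uses a port outside 1024:5000.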