>> For some reason I can't make a connection to the external mail
>> server from inside the LAN, even from the 10.0.0.3 address, which
>> should be allowed to do anything. Everything used to work when I
>> used MASQUERADing but stopped once I switched to SNAT. Can anybody
>> help me? What am I doing wrong??

> what you are doing wrong is changing working things
> the following works perfectly (eth1: WAN, eth0: LAN)

> iptables -t filter -P INPUT ACCEPT
> iptables -t filter -P FORWARD ACCEPT
> iptables -t filter -P OUTPUT ACCEPT
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -P POSTROUTING ACCEPT
> iptables -A FORWARD -i eth1 -d 192.168.1.0/24 -j ACCEPT
> iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth1 -j MASQUERADE

The thing is, I don't want to allow all my local machines to access the net.
Only selected services (POP3S, DNS, and SMTPS) are allowed, although there are
exceptions like 10.0.0.3. Additionally, my ISP limits the amount of traffic from
1 IP. I have 5 public addresses and I want to round-robin them so that traffic gets
distributed across the IPs.

> what is this????????????????????????
> -A INPUT -i eth1 -j ACCEPT

That's to allow local packets from the LAN (eth1) into the server.