On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote:

> I spent much of the past 24 hours trying to find out how to set up
> iptables for firewall routing WITHOUT NATing. Could not find anything.

*boggle* Is it really that hard?

## Clear up whatever is in there at the moment.
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -t nat -F POSTROUTING

## Accept anything related to existing connections
## (assumes IP forwarding is already enabled: net.ipv4.ip_forward=1)
iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT

## I want to allow incoming port 80 to 1.2.3.4
iptables -A FORWARD -i ppp0 -d 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

## I want to allow incoming port 123 (ntp) to 1.2.3.6
iptables -A FORWARD -i ppp0 -d 1.2.3.6 -p udp -m udp --dport 123 -j ACCEPT

## Let's block ALL other incoming things
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP

There you go. That's a very basic firewall using iptables in about 3 minutes :)

--
Steven Haigh

Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
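As an added example (not from the message above), the same no-NAT routing policy written as an iptables-restore file: it loads atomically with default DROP policies, so there is no unfiltered window between the flush and the final DROP rules that the flush-then-append sequence leaves open. It also admits loopback and LAN traffic to the router and LAN-originated outbound forwarding, which the posted rules do not; ppp0 and the 1.2.3.x hosts are from the post, LAN_IF=eth0 is an assumption, and the check functions are constructed for this example.

```shell
#!/bin/sh
# Added example, not the poster's code. Renders a pure routing (no NAT)
# firewall in iptables-restore format and checks it before loading.
# Routing also needs net.ipv4.ip_forward=1 (not shown).
WAN_IF=ppp0   # from the post
LAN_IF=eth0   # assumption: the inside interface

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $WAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $WAN_IF -d 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -i $WAN_IF -d 1.2.3.6 -p udp -m udp --dport 123 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# A routing-only firewall must carry no address-rewriting targets.
# Returns 0 when clean, 1 if any SNAT/DNAT/MASQUERADE/REDIRECT appears.
check_no_nat() {
    ! gen_rules | grep -Eq -- '-j (SNAT|DNAT|MASQUERADE|REDIRECT)'
}

# Number of FORWARD rules that admit traffic from the WAN to a specific
# inside host; useful as an audit figure for what is exposed.
count_wan_openings() {
    gen_rules | grep -c -- "^-A FORWARD -i $WAN_IF -d "
}

# To apply (as root): check_no_nat && gen_rules | iptables-restore
```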