Thanks, I will read this through a bit later. Perhaps I was making more of it than needed, but my attempts were not working. And all I was trying for at first was to allow SSH through.

Steven Haigh wrote:
>
> On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote:
>> I spent much of the past 24 hours trying to find out how to set up
>> iptables for firewall routing WITHOUT NATing. Could not find anything.
>
>
> *boggle* Is it really that hard?
>
> ## Clear up whatever is in there at the moment.
> iptables -F INPUT
> iptables -F FORWARD
> iptables -F OUTPUT
> iptables -t nat -F POSTROUTING
>
> ## Accept anything related to existing connections
> iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> ## I want to allow incoming port 80 to 1.2.3.4
> iptables -A FORWARD -i ppp0 -d 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
>
> ## I want to allow incoming port 123 (ntp) to 1.2.3.6
> iptables -A FORWARD -i ppp0 -d 1.2.3.6 -p udp -m udp --dport 123 -j ACCEPT
>
> ## Let's block ALL other incoming things
> iptables -A INPUT -j DROP
> iptables -A FORWARD -j DROP
>
> There you go. That's a very basic firewall using iptables in about 3
> minutes :)
>
> --
> Steven Haigh
>
> Email: netwiz at crc.id.au
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
>
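The SSH case raised in this thread, as an added example that is not part of either poster's message: a shell function that emits an `iptables-restore` ruleset for a routing firewall with no NAT table at all, default-drop policies, and inbound SSH forwarded to one routed host. The function name, the `eth0` LAN interface, the choice of 1.2.3.4 as the SSH host and the rule allowing SSH to the firewall itself from the LAN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a no-NAT forwarding ruleset in iptables-restore format.
# Arguments (all assumptions supplied by the caller):
#   $1 = WAN interface, $2 = LAN interface, $3 = routed host that accepts SSH
build_ruleset() {
    wan_if=$1; lan_if=$2; ssh_host=$3
    # Reject anything that is not a plain interface name or dotted IPv4 address,
    # so no unexpected text ends up inside a firewall rule.
    for name in "$wan_if" "$lan_if"; do
        case $name in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $ssh_host in ''|*[!0-9.]*) return 1 ;; esac
    # Only the filter table is written: there is no *nat section, so packets
    # are routed with their original addresses.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $lan_if -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -m state --state NEW -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -d $ssh_host -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print a sample ruleset. ppp0 and 1.2.3.4 follow the thread's placeholders;
# eth0 is a constructed LAN interface name.
build_ruleset ppp0 eth0 1.2.3.4

# To apply on a real router (not run here):
#   sysctl -w net.ipv4.ip_forward=1        # forwarding must be enabled
#   build_ruleset ppp0 eth0 1.2.3.4 | iptables-restore --test   # syntax check only
#   build_ruleset ppp0 eth0 1.2.3.4 | iptables-restore          # flush and load
```

Loading through `iptables-restore` replaces the filter table in one step, so there is no window where the chains are flushed but the DROP policy is not yet in place.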