From: Alexy Hammer
Date: Mon, 23 Jul 2007 17:57:58 +0400
To: ALT Linux sysadmin discuss
Subject: Re: [Sysadmins] DNAT for a server on the local network
Message-ID: <46A4B3E6.5020808@mail.ru>
In-Reply-To: <46A497C6.2030409@soc.adm.yar.ru>

> $IPTABLES -t nat -A PREROUTING --src $INET_CLIENT --dst $INET_IP -i $INET_IFACE -p tcp --dport $PORTS_TCP -j DNAT --to-destination $LAN_SERVER
>
> $IPTABLES -A FORWARD -s $INET_CLIENT -i $INET_IFACE -d $LAN_SERVER -p tcp --dport $PORTS_TCP -j ACCEPT
>
> $IPTABLES -t nat -A PREROUTING --src $INET_CLIENT --dst $INET_IP -i $INET_IFACE -p udp --dport $PORTS_UDP -j DNAT --to-destination $LAN_SERVER
> $IPTABLES -A FORWARD -s $INET_CLIENT -i $INET_IFACE -d $LAN_SERVER -p udp --dport $PORTS_UDP -j ACCEPT
>

I can note right away that rules for return traffic are missing in the FORWARD chain, something like:

${IPTABLES} -A FORWARD --source ${...} --destination ${...} -m state --state RELATED,ESTABLISHED -j ACCEPT

...

Regards,
Alexey
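
The quoted rules combined with the return-traffic rule suggested in the reply, as an added example that is not part of the original thread. The addresses, ports, interface name, and the use of $LAN_SERVER and $INET_CLIENT for the elided source and destination are assumptions; IPTABLES is set to echo so the script only prints the commands.

```sh
#!/bin/sh
# Added example (not from the thread). All values below are constructed samples.
IPTABLES="echo iptables"      # dry run; replace with the real iptables binary to apply
INET_IFACE="eth0"             # external interface (assumed name)
INET_IP="203.0.113.10"        # external address of the gateway
INET_CLIENT="198.51.100.20"   # the only Internet host allowed in
LAN_SERVER="192.168.1.5"      # server on the local network
PORTS_TCP="3389"
PORTS_UDP="5060"

# forward_port PROTO PORT
# DNAT for one protocol/port plus the ACCEPT for the client-to-server direction.
forward_port() {
    proto=$1; port=$2
    $IPTABLES -t nat -A PREROUTING --src "$INET_CLIENT" --dst "$INET_IP" \
        -i "$INET_IFACE" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$LAN_SERVER"
    # In FORWARD the packet is already rewritten, so it is matched on $LAN_SERVER.
    $IPTABLES -A FORWARD -s "$INET_CLIENT" -i "$INET_IFACE" -d "$LAN_SERVER" \
        -p "$proto" --dport "$port" -j ACCEPT
}

# dnat_ruleset
# Both forwards, then the return path. Replies still carry the server's LAN
# address as source while traversing FORWARD, so the rule is scoped to
# server -> client and to connections conntrack already knows about.
# This matters when FORWARD otherwise drops traffic (assumed; the thread
# does not show the chain policy).
dnat_ruleset() {
    forward_port tcp "$PORTS_TCP"
    forward_port udp "$PORTS_UDP"
    $IPTABLES -A FORWARD --source "$LAN_SERVER" --destination "$INET_CLIENT" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
}

dnat_ruleset
```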