[23:08]<drvvx_>you may write a script that clears everything and set every rules [23:08]<drvvx_>and modify that one [23:09]<pdznsvzvz>yes that's what I would like to do (that's what I was trying to do with my pastebin. [23:09]<drvvx_>then you'll be sure of what youre doing, and what are the effect of each mods [23:09]<drvvx_>just an advice, I'm working like that [23:11]<drvvx_>another remark, I do not see any -P for the FORWARD rule, I guess that'll be ACCEPT by default, but mention it just in case [23:13]<drvvx_>about the $MAILSERVER not being able to acces any_net_serv:25 [23:13]<drvvx_>you need something like : iptables -I FORWARD -i $LOCALNET -p tcp -s $MAILSERVER --dport 25 -j ACCEPT [23:14]<drvvx_>(and not -i $INTERNET) [23:14]<drvvx_>just think about what you write, where packets arrives, and how does they look like (src, dst) and everything should be fine [23:17]<drvvx_>(you also probably want a '-m state' rule in the FORWARD chain) [23:45]<pdznsvzvz>so I'm back -- in the 9th hour trying to open up port 25 on my firewall. Can someone PLEASE lend me a hand with this. [23:48]<pdznsvzvz>simple question -- internet interface, eth1, local network eth0 -- how to open port 25 for one host 192.168.1.21 ? [23:53]<-- sgvgzs xzs fuyv (>/dev/brain")
