Log from #iptables at freenode 2006-06-07
[22:58]<vrf>okay.
[22:59]<vrf>so just: iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[22:59]<pyznpyzxvnzbfu1>you don't need state forwarding info if you're not doing NAT
[22:59]<vrf>... What? No rules then?
[23:00]<vrf>only a DHCP server?
[23:00]<pyznpyzxvnzbfu1>and sysctl forwarding allowed
[23:01]<zj20>19:54 < rob0> Static route and you're good to go, won't need much of a firewall, being already behind the Linksys.
[23:01]<vrf>well, i guess i would.. DMZ is open to that ip.
[23:02]<zj20>ok, that's simple too.
[23:03]<zj20>hmmm, danieldg doesn't have an example that quite fits
[23:05]<zj20>http://danieldegraaf.afraid.org/info/iptables/simple (but s/:FORWARD DROP/:FORWARD ACCEPT)
[23:05]<zj20>open whatever ports you need from the outside in INPUT
[23:05]<vrf>okay
[23:07]<zj20>You could leave :FORWARD DROP with your state rule and -A FORWARD -i eth1 -j ACCEPT
[23:17]<vrf>i need a rule rob0 that forwards all www traffic on 10.0.0.0/24 to a specified port (my squid proxy)
[23:20]<pyznpyzxvnzbfu1>where does your proxy sit?
[23:20]<vrf>8080
[23:22]<pyznpyzxvnzbfu1>iptables -t nat -A PREROUTING -p tcp --dport 80 -i <internal interface> -j REDIRECT --to-port 8080
[23:22]<pyznpyzxvnzbfu1>depending on what you want done, you may need to add a few more tidbits to manipulate packets
[23:24]<pyznpyzxvnzbfu1>netzero seems to be one of those f*cked up networks that doesn't pay attention to $TTL
[23:29]<pyznpyzxvnzbfu1>it seems my HTTP issues aren't issues but someone using hping2 or similar to monitor my site
[23:29]<pyznpyzxvnzbfu1>a bit odd







