If all your tables are set to accept, why don't you just connect the fax server directly to the network? (Unless, of course, you're trying to translate IPX/SPX to TCP/IP.) How does the network transfer the data to the fax server?

Replying to the message sent by David Dumortier on Mon, 26 May 2003 14:30:13 +0200, received at 19:29:26 on 26/05/2003. David Dumortier wrote:

>Hello,
>
>We have a problem setting up iptables on a gateway.
>Topology:
>
>Network with a hylafax server
>A gateway on debian with 2 network cards, one on the network (tr0) and the other (eth0) on the next computer
>A computer (on $ OS, which wants to fax)
>
>We put ip_conn_track and ip_conn_track_ftp in the kernel of the gateway.
>We can make a telnet fax_server 4559, log in as user and ... nothing else
>
>The iptables rules:
>
>/sbin/modprobe ip_conntrack_ftp ports=21,4558,4557,4559
>/sbin/modprobe ip_nat_ftp ports=21,4558,4557,4559
>
>iptables -A INPUT -p tcp -i eth0 --dport 4557:4559 -j ACCEPT
>iptables -A INPUT -p tcp -i tr0 --dport 4557:4559 -j ACCEPT
>
>iptables -A INPUT -p tcp --sport 4557:4559 -m state --state NEW,ESTABLISHED -j ACCEPT
>iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
>iptables -A OUTPUT -p tcp --sport 4557:4559 -m state --state NEW,ESTABLISHED -j ACCEPT
>iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>iptables -A FORWARD -p tcp --sport 4557:4559 -s Faxaddr -j ACCEPT
>iptables -A FORWARD -p tcp --sport 4557:4559 -s Clientaddr -j ACCEPT
>iptables -A FORWARD --source Clientaddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
>iptables -A FORWARD --source Gatewayaddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
>iptables -A FORWARD --source Serveraddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
>
>iptables -A FORWARD -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
>iptables -A FORWARD -m multiport -m state --state RELATED,ESTABLISHED -j ACCEPT
>
>iptables -A INPUT -p tcp --sport 4557:4559 -j ACCEPT
>iptables -A INPUT -p tcp --dport 4557:4559 -j ACCEPT
>iptables -A INPUT -m multiport --protocol tcp --sport 4557,4558,4559 -j ACCEPT
>
>iptables -A OUTPUT -p tcp -o eth0 --sport 4557:4559 -j ACCEPT
>iptables -A OUTPUT -p tcp -o tr0 --sport 4557:4559 -j ACCEPT
>
>iptables -t nat -A PREROUTING -p tcp --dport 4557:4559 -j DNAT --to-destination Serveraddr
>iptables -t nat -A PREROUTING -p tcp --sport 4557:4559 -j DNAT --to-destination Clientaddr
>
>If you have advice ...
>
>David Dumortier [EMAIL PROTECTED]
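
Added example (not part of the original thread and not code from either poster): a small Python check that reads the first six FORWARD rules as posted and reports which of them are covered by a broader ACCEPT rule in the same chain, which is what the question about everything being set to accept comes down to. The helper names are assumptions of this example, the parser models only the options listed in KEYS, and the address names are the post's own placeholders.

```python
import shlex
# FORWARD rules copied from the quoted post, in the order posted.
RULES = """\
iptables -A FORWARD -p tcp --sport 4557:4559 -s Faxaddr -j ACCEPT
iptables -A FORWARD -p tcp --sport 4557:4559 -s Clientaddr -j ACCEPT
iptables -A FORWARD --source Clientaddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
iptables -A FORWARD --source Gatewayaddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
iptables -A FORWARD --source Serveraddr -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
iptables -A FORWARD -m multiport --protocol tcp --dport 4557,4558,4559 -j ACCEPT
"""
# One key per match option. Options outside KEYS (--state, "!") are not modelled.
KEYS = {"-A": "chain", "-j": "target", "-p": "proto", "--protocol": "proto",
        "-s": "src", "--source": "src", "-i": "in", "-o": "out",
        "--sport": "sport", "--dport": "dport"}

def ports(spec):  # '4557:4559' or '4557,4558,4559' -> frozenset of port numbers
    out = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        first = int(lo or 0)
        out.update(range(first, (int(hi or 65535) if sep else first) + 1))
    return frozenset(out)

def parse(line):
    tok = shlex.split(line)
    rule = {KEYS[t]: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in KEYS}
    for k in rule.keys() & {"sport", "dport"}:
        rule[k] = ports(rule[k])
    return rule

def covers(a, b):
    """True if a has b's chain and target and matches every packet b matches."""
    return all(k in b and (b[k] == v or (isinstance(v, frozenset) and b[k] <= v))
               for k, v in a.items())

def redundant(rules):
    """Pairs (rule, covering rule), 1-based: removing 'rule' changes no verdict."""
    hits = []
    for i, b in enumerate(rules):
        for j, a in enumerate(rules):
            if i == j or not covers(a, b) or (j > i and covers(b, a)):
                continue  # self, not covering, or the first of two identical rules
            # A later covering rule needs the same verdict on every rule in between.
            if all(r["target"] == b["target"] for r in rules[i + 1:j]
                   if r["chain"] == b["chain"]):
                hits.append((i + 1, j + 1))
                break
    return hits

print(redundant([parse(line) for line in RULES.splitlines()]))
```

Rules 3 to 5 restrict by source address, but rule 6 accepts the same ports from any source, so the per-source rules filter nothing.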

