Glen Spidal wrote:

> What IPTables commands do I need to issue in a script to allow port 25 
> and 110 (email) to work.  See attached PDF file.

Can't you set up the Windows 2000 Pro as a client, and use Linux as the 
main router ?

Otherwise you need to do:

1) add destination(192.168.254.X)-gateway(192.168.0.47) route for each 
client PC on the windows PC,  
since the client IP's are dynamic, this is impractical.
OR
2) enable MASQUERADING on the linuxbox
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


In both cases enable ip_forwarding on the linuxbox.
echo "1" > /proc/sys/net/ipv4/ip_forward

This offcourse doesn't matter for http if you use a proxy, but anything 
else 
won't work without one of the two mentioned above.

Then you can add some rules like:
  iptables -P forward drop

  iptables -A forward -i eth0 -o eth1 -sport 25 -m state --state 
ESTABLISHED -j ACCEPT
  iptables -A forward -i eth1 -o eth0 -dport 25 -j ACCEPT

  iptables -A forward -i eth0 -o eth1 -sport 110 -m state --state 
ESTABLISHED -j ACCEPT
  iptables -A forward -i eth1 -o eth0 -dport 110 -j ACCEPT


The ip of eth0 (192.168.254.250) is the same as the dhcp-server 
(192.168.254.250) which
doesn't make sense (to me).

( eth0 = connected to windows, eth1 connect to switch )

HTH
greetz
B.Mermuys


>  
> Glen Spidal
> Hillsboro Oregon USA
> PH: 503-681-9786  FX: 503-615-2936 
> www.cybercorpinc.com <http://www.cybercorpinc.com/>
>