David - 3:14 am on Mar 26, 2002 (gmt 0)
The setup is a hardware router that handles the NAT, so all internal IPs are Class C. I can open the web and ssh for the LAN, but I can't get this right. I could sure use some direction; I have had this so many ways that I am starting to try the same things again (confused).
This one has got me pulling my hair out. I haven't been able to find any info for my setup; most docs I have found have the Linux box doing the NAT with two interfaces (eth0, eth1).
INTERNET="eth0"
UNPRIVPORTS="1024:65535"
IPADDR="192.168.1.2"
# CONNECTION_TRACKING is set earlier in the script (not shown in the post)

################# udp SMB (NetBIOS datagram service, port 138)
if [ "$CONNECTION_TRACKING" = "1" ]; then
    # outgoing: 192.168.1.3 port 138 -> 192.168.1.2 unprivileged ports
    iptables -A OUTPUT -o $INTERNET -p udp \
        -s 192.168.1.3 --sport 138 \
        -d 192.168.1.2 --dport $UNPRIVPORTS -j ACCEPT
fi
# outgoing: 192.168.1.3 port 138 -> 192.168.1.2 unprivileged ports
iptables -A OUTPUT -o $INTERNET -p udp \
    -s 192.168.1.3 --sport 138 \
    -d 192.168.1.2 --dport $UNPRIVPORTS -j ACCEPT
# incoming: 192.168.1.2 unprivileged ports -> 192.168.1.3 port 138
iptables -A INPUT -i $INTERNET -p udp \
    -s 192.168.1.2 --sport $UNPRIVPORTS \
    -d 192.168.1.3 --dport 138 -j ACCEPT

########### SMB tcp (NetBIOS session service, port 139)
if [ "$CONNECTION_TRACKING" = "1" ]; then
    # outgoing: 192.168.1.3 port 139 -> 192.168.1.2 unprivileged ports
    iptables -A OUTPUT -o $INTERNET -p tcp \
        -s 192.168.1.3 --sport 139 \
        -d 192.168.1.2 --dport $UNPRIVPORTS -j ACCEPT
fi
# incoming: 192.168.1.2 unprivileged ports -> this host ($IPADDR) port 139
iptables -A INPUT -i $INTERNET -p tcp \
    -s 192.168.1.2 --sport $UNPRIVPORTS \
    -d $IPADDR --dport 139 -j ACCEPT
# outgoing replies from port 139 on this host, excluding connection-opening SYNs
iptables -A OUTPUT -o $INTERNET -p tcp ! --syn \
    -s $IPADDR --sport 139 \
    --dport $UNPRIVPORTS -j ACCEPT
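The following is an added example, not David's script, showing how the SMB rules look for a single-interface host behind a NAT router once the chain directions are applied consistently. The point it illustrates: the OUTPUT chain only ever sees packets leaving this host, so an OUTPUT rule has to carry `-s` equal to this host's own address (192.168.1.2); a rule with `-s 192.168.1.3` in OUTPUT matches nothing. With connection tracking enabled, replies in both directions are covered by one ESTABLISHED,RELATED rule per chain, so only the connection-opening packets from the peer need explicit rules. The addresses and ports 138/139 come from the post; the interface name, variable names, NetBIOS port 137 and direct-hosted SMB port 445 are assumptions added here.

```shell
#!/bin/sh
# Added example (not David's script): SMB/NetBIOS rules for a single-interface
# Linux host behind a NAT router. Addresses follow the post: this host is
# 192.168.1.2, the Windows box that talks SMB to it is 192.168.1.3.
# The interface name, variable names and ports 137/445 are assumptions.
# IPT defaults to a dry run that only prints the commands; run with
# IPT=iptables (as root) to load them.
IPT="${IPT:-echo iptables}"
LAN_IF="eth0"
IPADDR="192.168.1.2"
SMB_PEER="192.168.1.3"
UNPRIVPORTS="1024:65535"

smb_rules() {
  # Let connection tracking handle every reply packet in both directions.
  # OUTPUT matches packets leaving this host, so its source is always $IPADDR.
  $IPT -A INPUT  -i "$LAN_IF" -d "$IPADDR" -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A OUTPUT -o "$LAN_IF" -s "$IPADDR" -m state --state ESTABLISHED,RELATED -j ACCEPT
  # NetBIOS name and datagram services (udp 137, 138) from the peer to this host.
  $IPT -A INPUT -i "$LAN_IF" -p udp -s "$SMB_PEER" -d "$IPADDR" --dport 137:138 -j ACCEPT
  # SMB session service (tcp 139) and direct-hosted SMB (tcp 445): only the
  # first packet (SYN) of a new connection from the peer needs a rule.
  $IPT -A INPUT -i "$LAN_IF" -p tcp --syn -s "$SMB_PEER" --sport "$UNPRIVPORTS" \
       -d "$IPADDR" -m multiport --dports 139,445 -j ACCEPT
}

# Sanity check usable in dry-run mode: every OUTPUT rule must name this host as
# its source; an OUTPUT rule whose -s is the peer's address can never match.
output_rules_are_local() {
  smb_rules | grep -- '-A OUTPUT' | grep -v -- "-s $IPADDR" | grep -q . && return 1
  return 0
}

smb_rules
```

Run it as-is to review the generated commands, then with `IPT=iptables` to load them; the default policy and any other services the host exposes are outside this fragment. The `output_rules_are_local` check is the one worth keeping in a script that is edited often, because a swapped `-s`/`-d` in OUTPUT fails silently: the rule loads without error and simply never counts a packet.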