Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!peer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post02.iad.highwinds-media.com!STARBAND.NET-a2kHrUvQQWlmc!not-for-mail
From: gdunn
Subject: iptables help, please?
Newsgroups: comp.os.linux.security
User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508 git://git.gnome.org/pan2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-ID:
X-Complaints-To: abuse@usenetserver.com
Organization: UseNetServer.com
Date: Sun, 22 Jun 2014 03:36:43 +0000
Lines: 49
X-Trace: a3d0153a64f4b31e51b5b05576
X-Received-Bytes: 2299
X-Received-Body-CRC: 4187210610
Xref: csiph.com comp.os.linux.security:513

Greetings all,

Hopefully there are still some knowledgeable people in the group, despite the apparent spam content.

I've inherited an iptables configuration that I don't understand, other than the UNSOLICITED line. Your help in understanding and correcting any problems will be appreciated.

First, eth1 is the WAN interface and eth0 is LAN. I'd like to clean up the file if possible, and at the same time allow WAN UDP packets on ports 5198 and 5199 to be forwarded to 192.168.1.50, if possible.

Thank You.
###############################################################
*filter
:FORWARD ACCEPT [eth0:0]
:INPUT DROP [eth1:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state -i eth1 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p udp -s 148.78.249.200 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p udp -s 148.78.249.201 --dport 53 -m state --state NEW -j ACCEPT
#-A INPUT -i eth1 -p udp -s 148.78.249.202 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p udp -s 148.78.249.203 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -m state --state NEW -j LOG --log-level 7 --log-prefix UNSOLICITED:
COMMIT
*mangle
:PREROUTING ACCEPT [1471:303908]
:INPUT ACCEPT [636:240607]
:FORWARD ACCEPT [80:63181]
:OUTPUT ACCEPT [437:39285]
:POSTROUTING ACCEPT [1269:102466]
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
# Forward HTTP connections to Squid proxy
#-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
###############################################################
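The port forward the poster asks for, as an added example that is not part of the original post or the inherited ruleset. It takes the interface roles and target host from the post (eth1 = WAN, eth0 = LAN, 192.168.1.50) and assumes the ports are plain UDP with no special helper. The rules are generated by a function so they can be reviewed or dropped into an iptables-restore file before anything is applied; the `-m state` syntax matches the poster's existing rules.

```shell
#!/bin/sh
# Added example, not the poster's configuration.
# Assumptions taken from the post: eth1 is WAN, eth0 is LAN, forward target is
# 192.168.1.50, and the service is plain UDP on 5198 and 5199.

WAN_IF=eth1
LAN_IF=eth0
TARGET=192.168.1.50
PORTS=5198:5199      # iptables range syntax covering 5198 and 5199

# Emit the rules, one iptables invocation per line, without running them.
# DNAT rewrites the destination in nat/PREROUTING; the packet then traverses
# the FORWARD chain (not INPUT), so the existing "INPUT DROP" policy and the
# UNSOLICITED log rule never see it.  The FORWARD rules are written so the
# set stays correct if the FORWARD policy is later tightened to DROP:
# only the DNAT'ed UDP ports may enter from WAN, replies ride on conntrack,
# and LAN-originated traffic may still go out.
port_forward_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -p udp --dport $PORTS -j DNAT --to-destination $TARGET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p udp -d $TARGET --dport $PORTS -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
EOF
}

# Apply the generated rules.  Needs root and iptables on PATH; ip_forward is
# already enabled on the poster's box since MASQUERADE is in use.
apply_port_forward() {
    port_forward_rules | while IFS= read -r rule; do
        $rule || return 1
    done
}

# Print by default; apply only when explicitly asked.
if [ "${1:-}" = "apply" ]; then
    apply_port_forward
else
    port_forward_rules
fi
```

Run it with no arguments to review the rules, or save the output as a reference when converting them into `*nat` and `*filter` entries of the existing iptables-save file. Because the existing FORWARD policy is ACCEPT, the DNAT line alone would make the forward work; the three FORWARD lines are what keep it working, and keep everything else out, once that policy is changed to DROP.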