search for: ip_intern

...d before the filter FORWARD chain and this way the packets change their source and are not allowed to pass FORWARD that is restricted to only 7 IPs. I use this rules to forward the port: iptables -t nat -A PREROUTING -p tcp --dport <port> -i <external NIC> -j DNAT --to <ip_intern>:<port> -d <ip_extern> iptables -t nat -A PREROUTING -p udp --dport <port> -i <external NIC> -j DNAT --to <ip_intern>:<port> -d <ip_extern> and this on the FORWARD chain that has a default policy to DROP iptables -A FORWARD -i <internal NIC> -s 19...