Dear All,

I have been asked to set up a firewall that has two zones: my LAN (firewall eth1 - ) and the router's connected IP (firewall eth0 - ).

I have written a script with a DROP policy. Internal ( ) PCs need to access the external SMTP/POP server IP a.b.c.d, and a few PCs also need to connect to it via SSH (PuTTY).

I have tried to do this using the following script and it is not working. (I only have experience writing a few rules for SMTP/POP servers using the INPUT and OUTPUT chains, not the FORWARD chain.)

# Start from a clean rule set so old rules do not interfere
iptables -F
iptables -X

# Drop all
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Accept loop back address
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# LAN_NET is a placeholder: the LAN subnet is missing from the post (the original rules had a bare "-s" / "-d")
LAN_NET="x.y.z.0/24"

# Forward SMTP/POP3,ssh traffic to and from OUT side
# "-p tcp --dport smtp,pop3,ssh" is rejected by iptables; a port list needs the multiport match
iptables -A FORWARD -i eth1 -o eth0 -p tcp -s "$LAN_NET" -d a.b.c.d -m multiport --dports smtp,pop3,ssh -m state --state NEW,ESTABLISHED -j ACCEPT
# Return traffic arrives on eth0 and leaves on eth1 (the original had -i/-o the wrong way round)
iptables -A FORWARD -i eth0 -o eth1 -p tcp -s a.b.c.d -d "$LAN_NET" -m multiport --sports smtp,pop3,ssh -m state --state ESTABLISHED -j ACCEPT

# Save and Start Iptables
service iptables save
service iptables start

Using the following script I can't access the a.b.c.d server for SMTP, POP3 and SSH.
Please could someone help me to correct this.
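As an added example that is not part of the original post: the same two-zone layout expressed with a single stateful return rule (conntrack ESTABLISHED,RELATED) instead of a reversed per-port rule, which is shorter and removes the interface-direction mistake entirely. Interface names follow the post; the LAN subnet (192.0.2.0/24) and the mail host a.b.c.d are placeholders because the post does not show the real values. By default the script only prints the iptables commands so the rule set can be reviewed; set IPT=iptables and run as root to apply them.

```shell
#!/bin/sh
# Added example, not the poster's script. Builds the FORWARD rules for a LAN on eth1
# reaching one mail host on the eth0 side, with one stateful return rule.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.0.2.0/24}"   # placeholder (TEST-NET-1); replace with the real LAN subnet
MAIL_HOST="${MAIL_HOST:-a.b.c.d}"    # placeholder taken from the post
IPT="${IPT:-echo iptables}"          # dry run by default; IPT=iptables applies the rules

# Emit the FORWARD rules in order, one command per line.
build_forward_rules() {
    # Replies and related packets of any accepted flow, in either direction, come first.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New LAN -> mail host connections, limited to SMTP, POP3 and SSH.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp -s "$LAN_NET" -d "$MAIL_HOST" \
        -m multiport --dports 25,110,22 -m conntrack --ctstate NEW -j ACCEPT
    # Everything else crossing the box is logged (rate limited) and dropped.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    $IPT -A FORWARD -j DROP
}

# Number of FORWARD rules the builder produces; a quick sanity check on the script.
forward_rule_count() {
    build_forward_rules | grep -c -- '-A FORWARD'
}

# The port list the rule set opens towards the mail host.
allowed_ports() {
    build_forward_rules | sed -n 's/.*--dports \([0-9,]*\).*/\1/p'
}

build_forward_rules
```

Two things to check on the box itself: forwarding must be enabled in the kernel (net.ipv4.ip_forward=1), otherwise the FORWARD chain is never consulted at all, and after applying the rules `iptables -L FORWARD -v -n` shows per-rule packet counters, so a test connection from a LAN PC should increment the NEW rule first and the ESTABLISHED,RELATED rule for every packet after that.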