There are a few things I can see that won't work...
Quote:
    iptables -A INPUT -p tcp --source-port 1433 -s 222.222.222.20 -j ACCEPT
    iptables -A INPUT -p tcp --source-port 1444 -s 222.222.222.20 -j ACCEPT
Are you sure the source port will always be the same?
These rules would affect new connections coming in and should really refer to destination ports, i.e. server ports on your PC.
If they were intended for outgoing connections, they are covered by the "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" rule.
Quote:
    iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
This would cause problems when replies come back from forwarded connections. It should only apply to the outgoing interface, e.g.
iptables -t nat -A POSTROUTING -o $WAN_NIC -j MASQUERADE
And you are making a lot of references to "-s ip.number.on.lan". This only needs to be done if you are a router, not a host/gateway.
This is best handled by the reverse path filter
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
Have a read of this tutorial and then take a look at the Firestarter and Shorewall packages.