I have a Windows PC behind a Linux gateway with iptables. With it, the default policy for everything is DROP, but the two "mangle" lines are ACCEPT.
Everything works well for going on the internet, sending/receiving email, etc.
But there is one thing which doesn't want to work, and I don't understand at all what is wrong. I have a small daemon which is listening on my network card eth0 on the LAN side at port 3000, and I can't connect to it from my Windows browser.
But when I set the policy for the nat table "POSTROUTING, OUTPUT" to ACCEPT, it works! I am able to connect to my daemon.
I don't understand, because I have, among others, the following rules:
 
iptables -t nat -A PREROUTING   -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j ACCEPT
iptables -t nat -A OUTPUT           -o eth0 -j ACCEPT
 
Why, when I set the default policy of the nat table to DROP, can't I connect, even with these rules?
What do I have to do about it?
 
Thanks.
 
        Guillaume.