Rodrigo Barbosa wrote:
>
> Humm, that should be relatively simple:
>
> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT --to-destination ${DESTINATION_SERVER}
>
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE1} -j ACCEPT
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE2} -j ACCEPT
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE3} -j ACCEPT
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE4} -j ACCEPT
> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -j REJECT --reject-with tcp-reset
>
Rodrigo, wouldn't the port filtering take place in the INPUT chain?
iptables -P INPUT DROP
iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
A little iptables help
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: A little iptables help
- From: t004 at kbocek.com (Kirk Bocek)
- Date: Wed Sep 28 16:09:29 2005
- In-reply-to: <20050928155655.GT26336@xxxxxxxxxxxxxxx>
- References: <1127912096.11027.5.camel@xxxxxxxxxxxxxxxxxxxxxx> <20050928151159.GR26336@xxxxxxxxxxxxxxx> <1127921861.23090.11.camel@xxxxxxxxxxxxxxxxxxxxxx> <20050928155655.GT26336@xxxxxxxxxxxxxxx>
- Follow-Ups:
- A little iptables help
- From: Rodrigo Barbosa
- A little iptables help
- References:
- A little iptables help
- From: James Pifer
- A little iptables help
- From: Rodrigo Barbosa
- A little iptables help
- From: James Pifer
- A little iptables help
- From: Rodrigo Barbosa
- A little iptables help
- Prev by Date: A little iptables help
- Next by Date: CentOS @ Linux World Expo, Oct 5- 6, 2005 , Olympia 2, London
- Previous by thread: A little iptables help
- Next by thread: A little iptables help
- Index(es):
 |