A little iptables help


On Wed, Sep 28, 2005 at 09:09:27AM -0700, Kirk Bocek wrote:
> 
> 
> Rodrigo Barbosa wrote:
> >
> >Humm, that should be relatively simple:
> >
> >iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT
> >iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT --to-destination ${DESTINATION_SERVER}
> >
> >iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE1} -j ACCEPT
> >iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE2} -j ACCEPT
> >iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE3} -j ACCEPT
> >iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE4} -j ACCEPT
> >iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -j REJECT --reject-with tcp-reset
> >
> 
> Rodrigo, wouldn't the port filtering take place in the INPUT chain?
> 
> iptables -P INPUT DROP
> iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT

My bad. I started writing thinking it would have to redirect port 80
too, then noticed my mistake. After that, I forgot to move it to the
INPUT chain.

[]s

-- 
Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
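
The corrected layout from this exchange, as an added example that is not part of either poster's message: a shell function that prints (does not apply) the rules with the port 80 ACCEPT moved to the filter table's INPUT chain and the port 8000 DNAT plus source allowlist kept as posted. The function names and the address validation are assumptions made for illustration, as is the reading that port 80 is served by the firewall host itself.

```shell
#!/bin/sh
# Added example: prints the rules for review, it does not apply them.
# Any addresses passed to it in testing are constructed sample values.

QUAD='([0-9]{1,3}\.){3}[0-9]{1,3}'

# Syntactic check only: dotted quad with optional /prefix. The case guard
# rejects every other character, embedded newlines included, so nothing
# unexpected is interpolated into a rule. iptables still range-checks octets.
is_source() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "^${QUAD}(/([0-9]|[12][0-9]|3[0-2]))?\$"
}

# A DNAT target must be a single host, so no /prefix is allowed.
is_host() {
    case $1 in */*) return 1 ;; esac
    is_source "$1"
}

# usage: emit_rules DESTINATION_SERVER SOURCE [SOURCE...]
emit_rules() {
    dest=$1
    is_host "$dest" || { echo "bad destination: $dest" >&2; return 1; }
    shift
    [ "$#" -gt 0 ] || { echo "no allowed sources given" >&2; return 1; }
    for src in "$@"; do
        is_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done

    # Port 80 (assumed local to this host): filter table, INPUT chain.
    # With policy DROP a real host also needs rules for loopback and replies.
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT"

    # Port 8000 is rewritten before routing, so it then traverses FORWARD.
    echo "iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT --to-destination $dest"
    for src in "$@"; do
        echo "iptables -A FORWARD -p tcp --destination-port 8000 -d $dest -s $src -j ACCEPT"
    done
    # Everything else aimed at the forwarded port is refused with a TCP reset.
    echo "iptables -A FORWARD -p tcp --destination-port 8000 -d $dest -j REJECT --reject-with tcp-reset"
}
```

Review the printed lines before running them; all arguments are validated before anything is printed, so a rejected address produces no partial ruleset.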

