-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Sep 28, 2005 at 09:09:27AM -0700, Kirk Bocek wrote:
>
>
> Rodrigo Barbosa wrote:
> >
> >Humm, that should be relatively simple:
> >
> >iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT
> >iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT
> >--to-destination ${DESTINATION_SERVER}
> >
> >iptables -A FORWARD -p tcp --destination-port 8000 -d
> >${DESTINATION_SERVER} -s ${SOURCE1} -j ACCEPT
> >iptables -A FORWARD -p tcp --destination-port 8000 -d
> >${DESTINATION_SERVER} -s ${SOURCE2} -j ACCEPT
> >iptables -A FORWARD -p tcp --destination-port 8000 -d
> >${DESTINATION_SERVER} -s ${SOURCE3} -j ACCEPT
> >iptables -A FORWARD -p tcp --destination-port 8000 -d
> >${DESTINATION_SERVER} -s ${SOURCE4} -j ACCEPT
> >iptables -A FORWARD -p tcp --destination-port 8000 -d
> >${DESTINATION_SERVER} -j REJECT --reject-with tcp-reset
> >
>
> Rodrigo, wouldn't the port filtering take place in the INPUT chain?
>
> iptables -P INPUT DROP
> iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
My bad. I started writing thinking it would have to redirect port 80
too, then noticed my mistake. After that, I forgot to move it to the
INPUT chain.
[]s
- --
Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDO0cwpdyWzQ5b5ckRAnJRAJ4zVWlovWJyUfbl6Kj1souw5dDzfgCfXVPg
GXFr9h5h8MIGEO11Et6z1I0=
=2sp/
-----END PGP SIGNATURE-----
