RE: Iptables masq traffic limiting


>We should be talking live.  Why don't you join the #centos-social on freenode
>so we can chat real time?

Robert,
Just got back from my trip and reading that Tutorial, it went on to state
what I now find to be two distinct opposite thoughts. It says at
http://iptables-tutorial.frozentux.net/chunkyhtml/c962.html that you shouldn't
filter in the NAT Postrouting chain as some streams of packets only have their
first packet hit the chain and everything else is redirected hence the possibility
exists that some packets can miss the rule.

It seems the Filter Forward chain is the safest place to limit what gets masq'ed
so internal clients could only have say port 80/443 but no ftp access as an example.

What are your thoughts on this?
Thanks,
jlc
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
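
Added example, not part of the original message: a shell function that emits an iptables-restore ruleset placing the port restriction in the filter FORWARD chain and leaving nat POSTROUTING to do masquerading only, as the post describes. The function name `build_ruleset`, the interface names `eth1`/`eth0` and the subnet `192.168.1.0/24` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Restrict what internal clients may reach in filter/FORWARD,
# which sees every forwarded packet; the nat table is consulted only for the
# first packet of a connection, so it carries no filtering here.

# build_ruleset LAN_IF WAN_IF LAN_NET "PORT PORT ..."   (hypothetical helper)
build_ruleset() {
    lan_if=$1 wan_if=$2 lan_net=$3 ports=$4

    # Accept only decimal TCP port numbers in 1..65535.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done

    echo '*filter'
    # Default deny for routed traffic; anything not matched below is dropped.
    echo ':FORWARD DROP [0:0]'
    # Packets belonging to connections that were already permitted.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New outbound connections from the LAN, listed destination ports only.
    for p in $ports; do
        echo "-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'

    echo '*nat'
    echo ':POSTROUTING ACCEPT [0:0]'
    # NAT only: no port matching in this table.
    echo "-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE"
    echo 'COMMIT'
}

# Print the ruleset for web-only access (no port 21, so FTP is not forwarded).
build_ruleset eth1 eth0 192.168.1.0/24 "80 443"
```

Piping the output to `iptables-restore --test` parses it without committing. A real load without `--noflush` replaces the existing contents of both tables.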