Hi,

If you want to allow one IP to access one destination then you can write the below rule in iptables.

iptables -t nat -A POSTROUTING -s 192.168.101.230 -d centosip -j MASQUERADE
iptables -t nat -A POSTROUTING -d 192.168.101.230 -s centosip -j MASQUERADE

For the remaining IPs you can write a simple drop rule to the centos IP. This will work for you, I am sure.

Regards,
paps

On Thu, Dec 4, 2008 at 2:51 PM, Indunil Jayasooriya <indunil75@xxxxxxxxx> wrote:
> Hi,
>
> I know these are a few iptables questions. NOT CentOS, anyway, I am
> running a firewall on centos 5.x.
>
> If you can respond, it would be fine.
>
>
> I want to add a SNAT rule for one user in LAN to access one particular
> destination on the internet.
>
> Let's say www.centos.org
>
> I added the below rule. But it does NOT work.
> Pls assume 1.2.3.4 is the real IP of the firewall.
> IP address 192.168.101.230 is the client PC.
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -j SNAT
> --to-source 1.2.3.4 -d www.centos.org
>
> Any idea to achieve it?
>
> And also,
>
> the below rule excludes 1 IP. It works fine.
>
> iptables -t nat -A PREROUTING -p tcp -m multiport -s ! 192.168.1.9
> --destination-port 80,465,995 -j DNAT --to-destination :3128
>
> I want to exclude about 4 or 5 IPs.
>
> Let's say 192.168.1.11, 192.168.1.19, 192.168.1.20, 192.168.1.25
>
> Is there a way to do it?
>
> Hope to hear from you.
>
>
>
> --
> Thank you
> Indunil Jayasooriya
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
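The two questions in the thread (SNAT for one client to one destination, and a proxy redirect that skips several LAN addresses), as an added example that is not code from either poster. It is a small POSIX shell script that prints the iptables commands and only executes them when APPLY=1 is set. Assumptions beyond the thread: eth1 is the LAN interface, 203.0.113.10 is a constructed stand-in for the resolved address of the destination, REDIRECT --to-ports is used in place of the poster's DNAT :3128 form, and the chain name PROXY_REDIRECT is chosen here.

```shell
#!/bin/sh
# Added example (not from the thread). Generates, and with APPLY=1 executes,
# the iptables commands for:
#   1. SNAT of a single LAN client to a single internet destination
#   2. transparent proxy redirection that skips several LAN addresses
# Assumed values: eth0 is the WAN interface (as in the thread), eth1 the LAN
# interface, 1.2.3.4 the firewall's public address, 3128 the proxy port.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
FW_PUBLIC_IP="${FW_PUBLIC_IP:-1.2.3.4}"
PROXY_PORT="${PROXY_PORT:-3128}"

# Print each command; run it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    fi
}

# snat_one_client CLIENT_IP DEST_IP [DEST_IP...]
# -d wants an address: a hostname given to iptables is resolved once, at
# insert time, so resolve it yourself (e.g. getent ahosts www.centos.org)
# and pass every address it returns. conntrack reverses the translation for
# reply packets, so no rule for the return direction is needed.
snat_one_client() {
    client="$1"; shift
    for dest in "$@"; do
        run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$client" -d "$dest" \
            -j SNAT --to-source "$FW_PUBLIC_IP"
    done
}

# proxy_redirect_except PORTS EXCLUDED_IP [EXCLUDED_IP...]
# A single "! -s" negates only one address, so each excluded source gets its
# own RETURN rule in a dedicated chain; everything else is sent to the local
# proxy with REDIRECT --to-ports (the usual target for this). Restricting the
# jump to the LAN interface keeps traffic arriving on the WAN side out of it.
proxy_redirect_except() {
    ports="$1"; shift
    run iptables -t nat -N PROXY_REDIRECT
    for ip in "$@"; do
        run iptables -t nat -A PROXY_REDIRECT -s "$ip" -j RETURN
    done
    run iptables -t nat -A PROXY_REDIRECT -p tcp -j REDIRECT --to-ports "$PROXY_PORT"
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp -m multiport \
        --dports "$ports" -j PROXY_REDIRECT
}

# Demo with the addresses from the thread (203.0.113.10 is a constructed
# stand-in for the resolved destination):
#   sh snat_example.sh demo          # print the rules
#   APPLY=1 sh snat_example.sh demo  # install them (as root)
if [ "${1:-}" = "demo" ]; then
    snat_one_client 192.168.101.230 203.0.113.10
    proxy_redirect_except 80,465,995 192.168.1.11 192.168.1.19 192.168.1.20 192.168.1.25
fi
```

Without APPLY=1 the script is a dry run, so the generated rules can be reviewed before they touch the nat table; when more than a handful of sources must be excluded, an ipset referenced from one RETURN rule scales better than one rule per address.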