Assuming the service your remote hosts are trying to access
is on the firewall box and it's a service that uses the TCP transport protocol,
you could try something like the following:
    iptables -A INPUT -s remoteip -p tcp -d yourfirewallip --dport 3306 -j ACCEPT
If the service is on another PC on the internal network:
    iptables -A PREROUTING -t nat -s remoteip -p tcp -d yourfirewallip --dport 3306 -j DNAT --to internalhostip
And in case your internal service is running on a different port, e.g. 4000:
    iptables -A PREROUTING -t nat -s remoteip -p tcp -d yourfirewallip --dport 3306 -j DNAT --to internalhostip:4000
Hope this helps. I'll soon be covering IPTables on my website,
so you can check in a few weeks' time; hopefully I'll have it posted by
then:
Cheers,
__________________________
Chris Partsenidis.
Systems Network Administrator
Email: Chris@firewall.cx
http://www.firewall.cx
__________________________
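Added example, not part of the original post: a small generator that prints (without applying) the rules for the three cases above, plus the filter-table FORWARD rules and the ip_forward setting a DNAT setup also needs when the FORWARD policy is DROP. The function names, the DROP-policy assumption and all addresses are constructed for illustration; --to-destination is the long form of the --to option used above.

```shell
#!/bin/sh
# Added example: prints the iptables commands, does not apply them.
# Assumption: the FORWARD chain policy is DROP, so forwarded traffic needs explicit rules.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules REMOTE_IP FIREWALL_IP EXT_PORT [INTERNAL_IP [INTERNAL_PORT]]  (hypothetical helper)
gen_rules() {
    remote=$1 fw=$2 ext_port=$3 internal=${4:-} int_port=${5:-$3}
    valid_port "$ext_port" && valid_port "$int_port" || {
        echo "invalid port" >&2
        return 1
    }
    if [ -z "$internal" ]; then
        # Service runs on the firewall itself: an INPUT rule is enough.
        echo "iptables -A INPUT -s $remote -p tcp -d $fw --dport $ext_port -j ACCEPT"
        return 0
    fi
    # Service is on an internal host: rewrite the destination before routing.
    echo "iptables -t nat -A PREROUTING -s $remote -p tcp -d $fw --dport $ext_port -j DNAT --to-destination $internal:$int_port"
    # FORWARD sees the packet after DNAT, so match the internal address and port.
    echo "iptables -A FORWARD -s $remote -p tcp -d $internal --dport $int_port -j ACCEPT"
    # Replies from the internal host are matched as part of the tracked connection.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The kernel must be forwarding packets between interfaces.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Constructed sample: one remote host reaching port 3306, served internally on port 4000.
gen_rules 198.51.100.7 203.0.113.1 3306 192.168.1.10 4000
```

Keeping the -s match on both the DNAT and FORWARD rules limits the forwarded service to the one remote host, as in the rules above.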