RE: iptables on DLink DSL-502T Modem/Router


 



I would personally filter either in the PREROUTING table:
iptables -t nat -I PREROUTING -p tcp -s SOURCEIP -d EXT_INTERFACE --dport PORT -j DNAT --to INTERNALIP:PORT
Or on the FORWARD table:
iptables -I FORWARD -p $PROTO -s $SOURCEIP -d $INTERNALIP --dport $PORTINT -j ACCEPT

This is assuming you have a default rule of drop or deny on your FORWARD table.

Anthony Sadler
Far Edge Technology
w: (02) 8425 1400
 
-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Paul Goodyear
Sent: Tuesday, 8 November 2005 12:47 
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: iptables on DLink DSL-502T Modem/Router

Hi all,

Does iptables version v1.2.6a support forwarding from a source IP?

The reason I ask is that I have a DLink DSL-502T modem router; the router
has Linux on it and is running iptables.

The webadmin for the router does not allow you to create IP filters;
port forwarding is there but not filtering.

I want to allow access to port 3389 from only 1 internet IP address.
Should this work? (81.81.81.81 being an example)

iptables -A INPUT -s 81.81.81.81 -d 192.168.1.2 -p tcp --dport 3389 -j ACCEPT

The router does not allow me to connect in once this rule is in iptables.

Thanks.

Paul.
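
Added example, not part of either message above: a shell helper that prints (or, with APPLY=1, runs as root) the two rules from the reply for a single allowed source, after validating the addresses and port. The external address 203.0.113.10 and the function names are assumptions. The FORWARD rule matches the internal address because packets reach FORWARD after the PREROUTING DNAT rewrite, while INPUT only sees packets addressed to the router itself.

```shell
#!/bin/sh
# Added example. 203.0.113.10 is a constructed external address; the
# function names are hypothetical, not from the thread.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules SRC EXT_IP INT_IP PORT
# Prints the rules by default; APPLY=1 runs them instead (needs root).
forward_rules() {
    src=$1; ext=$2; int=$3; port=$4
    for addr in "$src" "$ext" "$int"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    run=echo
    [ "${APPLY:-0}" = 1 ] && run=
    # nat/PREROUTING: rewrite the destination only for the allowed source.
    $run iptables -t nat -I PREROUTING -p tcp -s "$src" -d "$ext" \
        --dport "$port" -j DNAT --to "${int}:${port}"
    # filter/FORWARD: runs after DNAT, so match the internal address.
    $run iptables -I FORWARD -p tcp -s "$src" -d "$int" \
        --dport "$port" -j ACCEPT
}

# Dry run with the addresses from the question.
forward_rules 81.81.81.81 203.0.113.10 192.168.1.2 3389
```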




