Bruno Nunes wrote:
> Hi folks,
> I have this rule which forwards all incoming requests for ipA to a
> local machine as you can see.
> iptables -t nat -A PREROUTING -d <ipA> -i eth0 -p tcp --dport 80
> -j DNAT --to 192.168.1.4
>
> is there any way to allow only a range of machines to use this
> specific rule (not interfering with the other rules)? dropping all
> requests that are not welcome.

By specifying the source IP(s).

iptables -t nat -A PREROUTING -s <src_ip[/mask]> -d <dst_ip> \
    -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.4

If you have the iprange match installed, you can also use that to
match a range instead of a subnet or host.

http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-iprange

Gr,
Rob
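
Added example, not part of the original post: a source that does not match the restricted DNAT rule is not dropped, only left untranslated, so the "dropping all requests that are not welcome" half of the question needs a filter rule as well. The script prints the rules instead of applying them; the addresses are constructed documentation values, and the DROP placement assumes <ipA> is an address of the firewall itself.

```shell
#!/bin/sh
# Added example: emit (not apply) the rules for a source-restricted DNAT.
# All addresses are constructed documentation values, not from the thread,
# except the backend 192.168.1.4.
PUB_IP="203.0.113.10"   # stands in for <ipA> (assumption)
BACKEND="192.168.1.4"   # internal web server from the thread
WAN_IF="eth0"

# src_match SPEC -> the source selector for one allow-list entry.
# "first-last" uses the iprange match; a host or CIDR uses plain -s.
# Entries must be numeric addresses (a hostname containing "-" would be
# mistaken for a range).
src_match() {
    case "$1" in
        *-*) printf '%s' "-m iprange --src-range $1" ;;
        *)   printf '%s' "-s $1" ;;
    esac
}

# gen_rules SPEC... -> one DNAT rule per allowed source, followed by a
# filter rule for everything that was not translated.
gen_rules() {
    for spec in "$@"; do
        echo "iptables -t nat -A PREROUTING $(src_match "$spec") -d $PUB_IP -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $BACKEND"
    done
    # Untranslated packets keep PUB_IP as destination and reach the
    # firewall's own INPUT chain (assumes PUB_IP is local to this host).
    # Translated packets go through FORWARD and are not affected.
    echo "iptables -A INPUT -d $PUB_IP -i $WAN_IF -p tcp --dport 80 -j DROP"
}

# Constructed allow-list: one subnet and one address range.
gen_rules 198.51.100.0/24 192.0.2.20-192.0.2.40
```

If <ipA> is routed through the firewall rather than configured on it, the final rule belongs in FORWARD instead of INPUT.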