I have a BOX with two interfaces (eth1 and eth2) between two different
networks (Net1 and Net2). Something like this:
[Net1]<->[eth1 BOX eth2]<->[Net2]
Net1:192.168.1.0/24
eth1:192.168.1.1
Net2:192.168.2.0/24
eth2:192.168.2.1
When I do a ping from 192.168.2.200 to 192.168.1.1, does this classify as INPUT
and the answer as OUTPUT, or not?
In this case, which interface (eth1 or eth2) should the options '-i' and '-o'
refer to?
iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -i eth? -s 192.168.2.200 -d 192.168.1.1 -j ACCEPT
iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply -o eth? -s 192.168.1.1 -d 192.168.2.200 -j ACCEPT
The man page says:
[!] -i, --in-interface name
    Name of an interface via which a packet was received (only for packets
    entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument
    is used before the interface name, the sense is inverted. If the interface
    name ends in a "+", then any interface which begins with this name will
    match. If this option is omitted, any interface name will match.
[!] -o, --out-interface name
    Name of an interface via which a packet is going to be sent (for packets
    entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument
    is used before the interface name, the sense is inverted. If the interface
    name ends in a "+", then any interface which begins with this name will
    match. If this option is omitted, any interface name will match.
but...?
Thanks,
Julio
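Added example, not part of Julio's post: a small POSIX sh script that works through the question for the topology above. A packet addressed to one of the box's own addresses (192.168.1.1) is delivered locally, so it traverses INPUT, not FORWARD; it arrives on the interface that faces the sender's network (eth2 for 192.168.2.200), and the reply traverses OUTPUT and leaves on the interface the routing table selects for the destination, which is again eth2. The routing table, the list of local addresses and the helper names (ip2int, iface_for, chain_for, ping_rules) are all constructed for the example; nothing here invokes iptables, it only prints the two rules with the interface filled in.

```shell
#!/bin/sh
# Constructed stand-in for `ip route`: "prefix interface" per line (assumption,
# mirrors the two connected networks from the post).
ROUTES="192.168.1.0/24 eth1
192.168.2.0/24 eth2"

# Constructed list of the box's own addresses (assumption).
LOCAL_ADDRS="192.168.1.1 192.168.2.1"

# Dotted quad -> integer, so prefixes can be compared with a mask.
ip2int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Interface the kernel would pick for address $1: longest-prefix match over
# ROUTES. For a directly connected host this is also the interface the
# host's packets arrive on (with strict rp_filter, a packet that claims a
# Net2 source but shows up on eth1 is dropped at routing, before INPUT).
iface_for() {
  addr=$(ip2int "$1")
  best=""; bestlen=-1
  while read -r prefix dev; do
    net=${prefix%/*}; len=${prefix#*/}
    mask=$(( (0xffffffff << (32 - len)) & 0xffffffff ))
    if [ $(( addr & mask )) -eq $(( $(ip2int "$net") & mask )) ] \
       && [ "$len" -gt "$bestlen" ]; then
      best=$dev; bestlen=$len
    fi
  done <<EOF
$ROUTES
EOF
  echo "$best"
}

# Chain a packet with destination $1 traverses on this box: INPUT when the
# destination is one of the box's own addresses, otherwise FORWARD.
chain_for() {
  for a in $LOCAL_ADDRS; do
    [ "$a" = "$1" ] && { echo INPUT; return 0; }
  done
  echo FORWARD
}

# Print the two rules for an echo-request from peer $1 to local address $2.
# The request enters INPUT on the interface facing the peer; the reply leaves
# OUTPUT on the same interface, because the route back to the peer uses it.
ping_rules() {
  peer=$1; local_ip=$2
  dev=$(iface_for "$peer")
  echo "iptables -A INPUT  -p icmp -m icmp --icmp-type echo-request -i $dev -s $peer -d $local_ip -j ACCEPT"
  echo "iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply   -o $dev -s $local_ip -d $peer -j ACCEPT"
}

# The case from the post: ping from 192.168.2.200 to the box's eth1 address.
echo "chain for 192.168.1.1: $(chain_for 192.168.1.1)"
ping_rules 192.168.2.200 192.168.1.1
```

Run it with `sh` to see both rules printed with `-i eth2` and `-o eth2`; the `-i`/`-o` option is always about the interface the packet physically uses, not about which network the destination address belongs to, so the eth1 address being the target does not make eth1 the input interface.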