iptables port redirect question

Hello,

How can I redirect all packets, excluding the packets for the LAN (192.168.0.0) and
all packets to/from lo (localhost)?

I have done something like:

[.......]

    # Traffic on the loopback interface is accepted.
    iptables -A INPUT -i lo -j ACCEPT

    # Internal network connections are accepted.
    iptables -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT

    iptables -t nat -A OUTPUT ! -o lo -p tcp -m tcp -j REDIRECT --to-ports 8080
    iptables -t filter -A OUTPUT -p tcp -m tcp --dport 8080 -j ACCEPT
    iptables -t filter -A OUTPUT ! -o lo -j DROP

[...............]

But this also redirects all local LAN packets, naturally, as it compares with lo. How can I combine both lo and the local LAN?
Can a customized chain help?

Thanks
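One way to exempt both lo and the LAN from the redirect, as an added example that is not part of the original post: the exemptions go into the nat table itself, either as RETURN rules in a user-defined chain or as two negated matches in a single rule. The LAN range and port 8080 are taken from the post; the chain name PROXY_REDIRECT and the IPT dry-run variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. LAN range and port come from the
# post; the chain name and the IPT dry-run switch are constructed here.
LAN_NET="192.168.0.0/16"        # same range as 192.168.0.0/255.255.0.0
PROXY_PORT="8080"
CHAIN="PROXY_REDIRECT"          # hypothetical chain name
IPT="${IPT:-echo iptables}"     # dry run: prints commands; IPT=iptables applies them (root)

# Variant 1: user-defined chain in the nat table. An ACCEPT in the filter
# table does not exempt traffic from nat rules, so the exemptions must live
# in nat, ahead of the REDIRECT.
setup_redirect() {
    $IPT -t nat -N "$CHAIN" || return 1
    # RETURN hands the packet back to OUTPUT without rewriting it.
    $IPT -t nat -A "$CHAIN" -o lo -j RETURN
    $IPT -t nat -A "$CHAIN" -d "$LAN_NET" -j RETURN
    # Whatever is left is redirected to the local port.
    $IPT -t nat -A "$CHAIN" -p tcp -j REDIRECT --to-ports "$PROXY_PORT"
    # Hook the chain in last, so traffic never reaches a half-built chain.
    $IPT -t nat -A OUTPUT -p tcp -j "$CHAIN"
}

# Variant 2: one rule. -o and -d are separate matches, so each can carry its
# own "!" and both conditions must hold. Use one variant, not both.
setup_redirect_single_rule() {
    $IPT -t nat -A OUTPUT ! -o lo ! -d "$LAN_NET" -p tcp \
        -j REDIRECT --to-ports "$PROXY_PORT"
}

setup_redirect
```

Run as is, the script only prints the commands for review; the filter-table rules from the post are left out because they do not affect which packets the nat table rewrites.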

