Re: Can iptables do this?


 



Thank you very much. The line below works fine.

Ding

dch@xxxxxxxxxxx wrote:

At 21:07 11/3/2003, you wrote:


My server has only one network card and I put two IP addresses on it. One is the normal one and the other is the local network address. The problem is HOW can I disable the firewall (iptables) within the local network (eth0:0) and only within the local network? Say I can connect to the server from any machine within the local network, say 192.168.0.2 or 192.168.0.10. But I can't connect to the server from outside, say 128.97.10.100, unless I use ssh.




That's pretty simple. Assume your LAN IP is on network 192.168.0.0:

Your first line in IPTables would be -
-A INPUT -s 192.168.0.0/24 -j ACCEPT

This line works.



Don't try to do it with device matching, which could be problematic. HOWEVER, you might want to create some statements with MAC matching to preclude spoofing.

BTW, webmin provides a very good GUI to IPTables which might help you
get started. To eliminate the Webmin crutch, you need to review
/etc/sysconfig/iptables to see exactly what commands are being offered
to IPT.







--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
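
The MAC-matching suggestion in the quoted reply, as an added example that is not part of the original thread: a shell function that emits a ruleset in the /etc/sysconfig/iptables (iptables-restore) format, accepting each LAN host only when its source IP and MAC match a known pair instead of trusting the whole 192.168.0.0/24 range. The host inventory, the MAC values and the default-DROP policy are assumptions made for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that accepts LAN hosts only when the
# source IP and source MAC match a known pair; SSH stays open to everyone.

# Constructed sample inventory, one "IP MAC" pair per line (placeholder MACs).
LAN_HOSTS='192.168.0.2 00:11:22:33:44:55
192.168.0.10 00:11:22:33:44:66'

# Host address inside 192.168.0.0/24 (last octet 1-254).
valid_ip() {
    echo "$1" | grep -Eq '^192\.168\.0\.([1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-4])$'
}

# Six colon-separated hex octets.
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

gen_rules() {
    # $1: newline-separated "IP MAC" pairs
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # assumption: default-deny inbound
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if valid_ip "$ip" && valid_mac "$mac"; then
            # A forged 192.168.0.x source without the paired MAC falls through.
            echo "-A INPUT -s $ip -m mac --mac-source $mac -j ACCEPT"
        else
            echo "skipping invalid entry: $ip $mac" >&2
        fi
    done
    echo '-A INPUT -p tcp --dport 22 -j ACCEPT'   # ssh from outside
    echo 'COMMIT'
}

gen_rules "$LAN_HOSTS"
```

The mac match sees the address of the previous Ethernet hop, so it only helps for hosts on the same segment as the server.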
