Re: iptables filtering ports under nat

by James Shupe <shupej@[EMAIL PROTECTED] > Oct 17, 2008 at 01:40 AM

Correction:

[QUOTE]
You'd be better off with a DROP policy where you could just use:

/sbin/iptables .... -d $EXTERNAL_HOST -p 80 -j ACCEPT

With your ACCEPT policy, just use inverse:

/sbin/iptables .... -d ! $EXTERNAL_HOST -p 80 -j DROP
[/QUOTE]

"-p 80" needs to be "-p tcp --dport 80". Not sure how I overlooked it.

-- 
James Maurice Shupe       | HermeTek Network Solutions
shupej@[EMAIL PROTECTED]  | *NIX Consulting and Hosting
GPG signed mail preferred | http://www.hermetek.com
Plain text mail preferred | 1.866.325.6207

Key fingerprint: D484 EACC 9D0F A2A5 5277 C4A8 5704 1987 A938 DF3A


On Thu, 2008-10-16 at 15:27 -0400, Luis Rondon Paz wrote:
> hello everyone i have a question
> i have this in my iptables
>
> EXT_IF=eth1
>
> #############
> /sbin/iptables -t nat -A POSTROUTING -s 12.16.2.5 -o $EXT_IF -j MASQUERADE
>
>
> now
> how can i DROP ALL TRAFFIC FROM IP 12.16.2.5 ??? except port 80 to one
> external ip ?
>
> example
>
> i need to drop all traffic
> and i need to allow the traffic to one address only
>
> how can i do that Ç????
>
>
> /sbin/iptables -t nat -A POSTROUTING -s 12.16.2.5 -d EXTERNALONEHOSTONLY -o $EXT_IF -j ACCEPT
>
> /sbin/iptables -t nat -A POSTROUTING -s 12.16.2.5 -d 0.0.0.0/0 -o $EXT_IF -j DROP ???
>
>
> OR SHOULD I NEED TO USE TO FORWARD ??
>
> thanks for reading me .

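The restriction asked about in this thread, written as an added example that is not part of any post here: the filtering is done in the filter table's FORWARD chain with the corrected "-p tcp --dport 80" match, and the nat table keeps only the MASQUERADE rule. The address 192.0.2.10 standing in for $EXTERNAL_HOST, the function name restrict_nat_host and the dry-run IPT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: each rule is
# printed. Run with IPT=/sbin/iptables (as root) to apply the rules.
IPT="${IPT:-echo /sbin/iptables}"

# restrict_nat_host SRC EXTERNAL_HOST EXT_IF   (hypothetical helper name)
# Lets SRC reach only TCP port 80 on EXTERNAL_HOST; drops the rest.
restrict_nat_host() {
    src=$1 dst=$2 ext_if=$3
    # Refuse anything that is not a plain IPv4 address or interface name.
    for addr in "$src" "$dst"; do
        case $addr in
            ''|*[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
    done
    case $ext_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac

    # Replies to connections the host was allowed to open. Needed when the
    # FORWARD policy is DROP, harmless when it is ACCEPT. De-NAT happens
    # before FORWARD, so replies already carry the internal address here.
    $IPT -A FORWARD -i "$ext_if" -d "$src" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The one permitted flow, using the corrected match from the reply.
    $IPT -A FORWARD -s "$src" -d "$dst" -o "$ext_if" \
        -p tcp --dport 80 -j ACCEPT
    # Everything else from the host is dropped, whatever the chain policy.
    $IPT -A FORWARD -s "$src" -j DROP
    # NAT rule from the original post, unchanged: nat only rewrites.
    $IPT -t nat -A POSTROUTING -s "$src" -o "$ext_if" -j MASQUERADE
}

# 192.0.2.10 is a constructed stand-in for $EXTERNAL_HOST.
restrict_nat_host 12.16.2.5 192.0.2.10 eth1
```

With these rules, DNS queries from 12.16.2.5 that are forwarded through the router are dropped too, so the client has to reach the external host by address or resolve names some other way.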

 



