Re: Iptables help ..

From: Eric Gaumer (gaumerel_at_ecs.fullerton.edu)
Date: 08/31/04

    To: debian-user@lists.debian.org
    Date: Tue, 31 Aug 2004 11:15:17 -0700
    
    
    

    On Tue, 2004-08-31 at 10:21, debi@niit.edu.pk wrote:
    > Hi,
    >
    > I am using the following iptables rules for the NAT, but I also want to
    > block outgoing port 25 traffic from the LAN clients. NAT works fine but
    > the outgoing port 25 is still open.
    >
    > /sbin/iptables -F -t nat
    > /sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 -d ! 10.0.0.0/8 --dport 25 -j REJECT
    > /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    >
    > But the outgoing port 25 is still open; can someone tell me what's wrong in
    > these rules?
    >

    Filtering for NAT is done on the FORWARD chain. The only reason you
    appear to be blocking incoming traffic on 25 is that the port isn't
    being forwarded through in the first place.

    You don't need to explicitly block incoming traffic to the LAN because
    it only allows traffic for ports specifically set up to forward through
    into the LAN.
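
The reply's point applied to the rules in the question, as an added example that is not part of the original thread: a check that reads an `iptables-save` dump and reports whether routed port 25 traffic is actually filtered. The dump is constructed, the function names are hypothetical, and eth0 = LAN / eth1 = WAN is an assumption taken from the poster's rules.

```sh
#!/bin/sh
# Constructed iptables-save style dump of the rules in the question
# (negation written in the current "! -d" form).
poster_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT ! -d 10.0.0.0/8 -i eth0 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}

# Same dump with the REJECT moved to FORWARD, matching LAN (eth0) -> WAN (eth1).
fixed_rules() {
  poster_rules |
    sed 's|^-A INPUT ! -d 10.0.0.0/8 -i eth0|-A FORWARD -i eth0 -o eth1|'
}

# Read an iptables-save dump on stdin and print how routed SMTP is treated:
#   blocked     a filter/FORWARD rule rejects or drops tcp dport 25
#   input-only  only INPUT has such a rule; routed packets never traverse it
#   open        no such rule at all
# Rule order is not modelled: an earlier ACCEPT in FORWARD would still win.
smtp_forward_status() {
  awk '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /-p tcp/ && /--dport 25( |$)/ && /-j (REJECT|DROP)/ {
      if ($2 == "FORWARD") fwd = 1
      else if ($2 == "INPUT") inp = 1
    }
    END { print (fwd ? "blocked" : (inp ? "input-only" : "open")) }
  '
}

printf 'poster: %s\n' "$(poster_rules | smtp_forward_status)"
printf 'fixed:  %s\n' "$(fixed_rules | smtp_forward_status)"

# On a live gateway (as root) the same check is: iptables-save | smtp_forward_status
# and the rule itself, inserted ahead of any existing FORWARD accepts, would be:
#   iptables -I FORWARD 1 -i eth0 -o eth1 -p tcp --dport 25 -j REJECT
```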

    
    
