Re: iptables for linux router/firewall on home lan
From: Robert (noone_at_noplace.nowhere)
Date: Tue, 22 Nov 2005 02:13:49 -0500
On Mon, 21 Nov 2005 14:49:29 +0000, William Gill wrote:
> These look good, and are similar to my draft script, but much clearer.
And easier to follow. <g>
> I assume that if I need to work with the firewall box, I could add:
> iptables -A INPUT -i eth1 -j LAN
No. You will have to add an INPUT statement. The -j LAN is for FORWARD
only. Forward is only passing the packet to LAN to test if it is OK to
forward the packet on.
Anything that is going to end at the router will need an INPUT statement:
iptables -A INPUT -i eth1 -j ACCEPT
> I'm a little confused about
> /sbin/modprobe ip_conntrack_ftp
> since my ftp seems to work w/o it?
It all depends on how your client is making the FTP connection. If you only
use passive mode then you might not need this.
--
Regards
Robert
Smile... it increases your face value!