Re: iptables port forwarding for specific source addresses
- From: jayjwa <jayjwa@xxxxxxxxxxxxxxxxxxx>
- Date: Sun, 24 Aug 2008 16:42:50 -0400
"ynotssor" <ynotssor@xxxxxxxxxxx> writes:
> We're seeking help please with finding examples or tutorials on the
> following, which must be quite common: we wish to accept connections from
> external specific IP address ranges to a certain port on an internal
> machine.
> What syntax is required to allow a machine w.x.0.0/16 to connect to our
> external iptables eth1 = a.b.c.126:8317 (e.g. "security by obscurity") and
> be forwarded to 10.0.0.9:443 where other AUTH security checks exist, please?
> The iptables firewall currently drops all but RELATED, ESTABLISHED on
> external eth1 and logs all unsolicited packets (we have that under control,
> thanks):

Something like:

  iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 8317 -s w.x.0.0/16 -j DNAT --to-destination 10.0.0.9:443

You'll also need to do forwarding for eth1 and in the FORWARD table.

  sysctl -w net.ipv4.conf.eth1.forwarding=1

I think you have the FORWARD table already policied to ACCEPT. If you
need UDP too, then one more rule like the above with -p udp will work.
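
The forward discussed in this thread, written out for a firewall whose FORWARD chain does not default to ACCEPT. This is an added example, not part of the original post: it only prints the commands, 198.51.100.0/24 is a constructed stand-in for the redacted w.x.0.0/16, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: prints, and does not apply, a source-restricted port forward.
# Constructed value: 198.51.100.0/24 stands in for the redacted w.x.0.0/16.

# valid_cidr4 A.B.C.D/N: succeed only for a well-formed IPv4 range, N in 1..32.
valid_cidr4() {
    case "$1" in */*) ;; *) return 1 ;; esac    # prefix length must be explicit
    addr=${1%/*}; len=${1#*/}
    case "$addr$len" in *[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*.*) return 1 ;; esac
    # /0 would match every source and defeat the restriction
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules EXT_IF SRC_CIDR EXT_PORT INT_IP INT_PORT
gen_rules() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_cidr4 "$2" && valid_cidr4 "$4/32" && valid_port "$3" && valid_port "$5" || {
        echo "gen_rules: bad address or port" >&2; return 1; }
    # nat/PREROUTING: only packets from SRC_CIDR are rewritten; anything else
    # keeps its original destination and is handled by the existing rules.
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp -s $2 --dport $3 -j DNAT --to-destination $4:$5"
    # filter/FORWARD is evaluated after DNAT, so it matches the translated
    # destination (INT_IP:INT_PORT), not the external port.
    echo "iptables -A FORWARD -i $1 -p tcp -s $2 -d $4 --dport $5 -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Global forwarding switch; the post sets the per-interface key for eth1.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

gen_rules eth1 198.51.100.0/24 8317 10.0.0.9 443
```

Review the printed commands before running them as root; a source argument without a prefix length, or with /0, is rejected rather than silently widening the forward.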