[LUAU] help with iptables

Eric Hattemer hattenator at imapmail.org
Mon Oct 15 01:14:14 PDT 2007


Eric Hattemer wrote:
> Whoever Whatever wrote:
>   
>> Hi,
>> when I have a linux box with two NICs, one $EXTIF (external) and
>> one $INTIF (subnet=192.168.176.0/20). With ip masq turned on:
>> iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>>
>> how do I block $INTIF (192.168.176/20) from accessing ports (i.e. 80) on
>> the linux box (192.168.176.1), but still allow port 80 access using ip
>> masq to the outside world?
>>
>> I tried the filters below, but I still can access port 80 after
>> applying the rules:
>> iptables -A INPUT -i $INTIF -p tcp -m tcp --dport 80 --syn -j DROP
>> iptables -A FORWARD -i $INTIF -p tcp -m tcp --dport 80 --syn -j DROP
>> iptables -A INPUT -p tcp -s 192.168.176.0/20 -d 192.168.176.1 --dport 80 -j DROP
>>
>> anyone know if it's possible?
>>   
>>     
>
> I don't know any iptables, because I've never had to.  Maybe someone on
> the list will answer your question, but in the meantime, I strongly
> suggest a program called fwbuilder.  You drag your rules around, and
> when you're done, you can auto-generate scripts for every major
> routing/firewall language you can think of.
>   
But if you do have a pretty good idea of what you're doing and want to
debug it, Phil Dibowitz wrote a nice program called IPTState at
http://www.phildev.net/iptstate/ that shows you what iptables is up to
in real time. It's of wide enough acclaim that you can probably find it
in your local package management tool.

-Eric Hattemer
