iptables

GDHough mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Sun Nov 9 01:21:46 UTC 2003


I still think you need an INPUT rule for this. Anyways, try inserting your 
rules and then:

iptables -L --line-numbers

This will list your tables and the order in which packets traverse the 
filters. I think you may be dropping before allowing...just a hunch.

On Saturday 08 November 2003 16:39, gbell72 wrote:
> It does seem so..I've since changed my rules again slightly to look like
> so..when I was using firestarter I only needed 2 rules to make this work,
> my present rules look like so:
>
> iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 8888 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> iptables -t nat -I PREROUTING -i eth1 -p tcp --dport 8888 -j DNAT --to-dest
> 192.168.0.66:8888
>
> which still allows anyone on lan access, but not outside.  I'm new at
> customizing my own rules so things are still kinda cryptic to me
>
> On Sat, 8 Nov 2003, Kevin Cozens wrote:
> > At 03:03 PM 11/08/2003 -0500, you wrote:
> > > > I suppose it is possible. Which interface connects to your router and
> > > > which is used for the Internal LAN?
> > > >
> > > > eth1 connects to the cable modem, eth0 connects to hub
> >
> > I haven't had to deal with relaying traffic between interfaces (yet). The
> > thought that occurs to me is that you would need to have rules to allow
> > eth1 to accept the incoming traffic from the remote user. A forwarding
> > rule to reroute the external traffic to your internal LAN on eth0, and
> > finally, a rule on eth0 to allow traffic coming from interface eth1 which
> > contains an origin address of the external user. It looks like you have
> > the first two parts. You may just be missing the last step.
> >
> >
> > Cheers!
> >
> > Kevin.  (http://www.interlog.com/~kcozens/)
> >
> > Owner of Elecraft K2 #2172        |"What are we going to do today, Borg?"
> > E-mail:kcozens at interlog dot com|"Same thing we always do, Pinkutus:
> > Packet:ve3syb at ve3yra.#con.on.ca.na|  Try to assimilate the world!"
> > #include <disclaimer/favourite>   |              -Pinkutus & the Borg
> >
> > --
> > The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> > TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> > How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
>

-- 
Eating Crow is better with MyCrowSauce
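
The ordering check suggested at the top of this message ("dropping before allowing") can be automated. The script below is an added example, not code from anyone in the thread; it assumes the verbose listing format of `iptables -L <chain> -n -v --line-numbers`, and the listing it embeds is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list ACCEPT rules that can never match
# because an earlier rule in the same chain drops or rejects every packet.
# Expects `iptables -L <chain> -n -v --line-numbers` output on stdin; columns:
#   num pkts bytes target prot opt in out source destination [matches...]

shadowed_rules() {
    awk '
        $1 ~ /^[0-9]+$/ {
            target = $4
            # Catch-all: any protocol, any interface, any address, and no
            # match extension (REJECT always prints its reject-with option).
            catch_all = ($5 == "all" && $7 == "*" && $8 == "*" &&
                         $9 == "0.0.0.0/0" && $10 == "0.0.0.0/0" &&
                         (NF == 10 || $11 == "reject-with"))
            if (blocker && target == "ACCEPT")
                printf "%s shadowed-by %s\n", $1, blocker
            if (!blocker && catch_all && (target == "DROP" || target == "REJECT"))
                blocker = $1 + 0
        }
    '
}

# Constructed listing: the port-8888 ACCEPT was appended (-A) after a DROP.
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       40  2400 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
2       12   720 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     tcp  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 state NEW,RELATED,ESTABLISHED
EOF
}

sample_listing | shadowed_rules    # prints: 3 shadowed-by 2
```

On a live system, pipe `iptables -L FORWARD -n -v --line-numbers` into `shadowed_rules`; the pkts column of the same listing shows which rule is actually taking the traffic. Jumps into user-defined chains are not followed.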
