[Cialug] iptables question

Dave Weis djweis at internetsolver.com
Thu Dec 15 10:38:12 CST 2011


I've got a Linux machine set up to do SNAT and DNAT between external IPs and internal machines. For example x.x.x.219 gets translated to 192.168.115.11. It works fine with something like this:
iptables -t nat -A PREROUTING -d x.x.x.219 -i eth0 -j DNAT --to-destination 192.168.115.11
iptables -t nat -A POSTROUTING -s 192.168.115.11 -j SNAT --to-source x.x.x.219

The problem is that I only want a few ports to be exposed through and the filtering I'm doing in the forwarding process isn't filtering.
iptables -A FORWARD -d x.x.x.219 -p tcp --dport 2200 -j ACCEPT
iptables -A FORWARD -d x.x.x.219 -j DROP

Everything still gets through to the inside machine. What am I doing wrong?

Dave
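The corrected ruleset, as an added example that is not part of the original post: DNAT in the nat PREROUTING chain rewrites the destination before routing, so by the time a packet reaches FORWARD it is addressed to 192.168.115.11, and a FORWARD rule matching x.x.x.219 never fires. The public address (RFC 5737 placeholder), the IPT variable and the conntrack rules are assumptions of this example, not taken from the post.

```shell
#!/bin/sh
# Added example, not the poster's script. FORWARD must match the address the
# packet carries *after* DNAT: nat/PREROUTING runs before routing, so the
# FORWARD chain sees INT_IP, never EXT_IP.
EXT_IP="${EXT_IP:-203.0.113.219}"   # placeholder public address (RFC 5737 range)
INT_IP="${INT_IP:-192.168.115.11}"
IPT="${IPT:-/sbin/iptables}"        # point at a stub (e.g. IPT=echo) to preview

apply_nat_rules() {
    # 1:1 NAT between the public address and the internal host
    "$IPT" -t nat -A PREROUTING -i eth0 -d "$EXT_IP" -j DNAT --to-destination "$INT_IP"
    "$IPT" -t nat -A POSTROUTING -s "$INT_IP" -j SNAT --to-source "$EXT_IP"
}

apply_forward_rules() {
    # Replies to connections the internal host opened come back de-SNATed to
    # INT_IP; accept them first or the final DROP breaks its outbound traffic.
    "$IPT" -A FORWARD -d "$INT_IP" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only the published port may open new connections to the internal host;
    # the match is on the DNATed (internal) address, not the public one.
    "$IPT" -A FORWARD -d "$INT_IP" -p tcp --dport 2200 -m conntrack --ctstate NEW -j ACCEPT
    "$IPT" -A FORWARD -d "$INT_IP" -j DROP
}
```

Run `apply_nat_rules; apply_forward_rules` as root on the NAT box, or with `IPT=echo` to print the rules without installing them.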
