[Cialug] iptables question

Barry Von Ahsen barry at vonahsen.com
Thu Dec 15 10:46:50 CST 2011


I've got an old, old script that has dport in the PREROUTING and no FORWARD:


${IPTABLES} -A PREROUTING -t nat -p tcp -d ${EXTIP} --dport 80 -j DNAT --to ${INTIP}


-barry


On 12/15/2011 10:38 AM, Dave Weis wrote:
>
> I've got a Linux machine set up to do SNAT and DNAT between external IPs and internal machines. For example x.x.x.219 gets translated to 192.168.115.11. It works fine with something like this:
> iptables -A PREROUTING -d x.x.x.219 -i eth0 -j DNAT --to-destination 192.168.115.11
> iptables -A POSTROUTING -s 192.168.115.11 -j SNAT --to-source x.x.x.219
>
> The problem is that I only want a few ports to be exposed through and the filtering I'm doing in the forwarding process isn't filtering.
> iptables -A FORWARD -d x.x.x.219 -p tcp --dport 2200 -j ACCEPT
> iptables -A FORWARD -d x.x.x.219 -j DROP
>
> Everything still gets through to the inside machine. What am I doing wrong?
>
> Dave
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
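
A complete ruleset for the setup Dave describes, added here as an example and not code posted by anyone in the thread; it assumes eth0 is the external interface and uses 203.0.113.219 as a stand-in for x.x.x.219. The point it illustrates is that DNAT in nat PREROUTING runs before the FORWARD chain is consulted, so a FORWARD filter has to match the internal address 192.168.115.11, and a rule written against x.x.x.219 never fires.

```shell
#!/bin/sh
# Added example, not from the thread. Builds an iptables-restore ruleset for the
# setup Dave describes: public EXTIP maps to internal INTIP, only TCP/2200 exposed.
# Addresses are constructed placeholders; eth0 is assumed to be the external interface.
# Usage: sh nat-rules.sh | iptables-restore
EXTIF=eth0
EXTIP=203.0.113.219     # stands in for x.x.x.219
INTIP=192.168.115.11

gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Destination is rewritten here, before routing and before FORWARD is consulted.
-A PREROUTING -i $EXTIF -d $EXTIP -j DNAT --to-destination $INTIP
-A POSTROUTING -s $INTIP -o $EXTIF -j SNAT --to-source $EXTIP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies and related traffic of connections that were already allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# By the time a packet reaches FORWARD it already carries the DNATed address,
# so the filter matches the INTERNAL destination; a rule on $EXTIP never fires.
-A FORWARD -i $EXTIF -d $INTIP -p tcp --dport 2200 -m conntrack --ctstate NEW -j ACCEPT
# Let the internal host open its own outbound connections.
-A FORWARD -s $INTIP -o $EXTIF -j ACCEPT
# Chain policy DROP catches everything else, including other ports on $INTIP.
COMMIT
EOF
}

# Reads a ruleset on stdin and fails if any FORWARD rule matches the external
# address: such a rule can never match post-DNAT traffic and usually explains
# "everything still gets through".
check_forward() {
    if grep -E "^-A FORWARD .*-d $EXTIP( |$)"; then
        echo "FORWARD rule matches $EXTIP; after DNAT the destination is $INTIP" >&2
        return 1
    fi
    return 0
}

gen_rules
```

Before loading, `iptables-save | check_forward` (with EXTIP set to the real public address) flags any existing FORWARD rule that is filtering on the pre-DNAT address.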


