[lug] iptables

D. Stimits stimits at idcomm.com
Tue May 21 21:18:31 MDT 2002


j davis wrote:
> 
> Hi,
> So if a request is made to the public interface of my firewall, is
> the request processed as the public IP or the private IP for the firewall?
> 
> example :
> 
> I want to block telnet access to my firewall from the internet. I write
> rules in the INPUT chain to do this. Would I write the rule blocking telnet
> using the public or private interface?
> 
> /sbin/iptables -A INPUT -i eth0 -d 10.0.0.1 -p tcp --dport 23 -j DROP
> 
>                       or
> 
> /sbin/iptables -A INPUT -i eth0 -d $MY_PUB_IP -p tcp --dport 23 -j DROP
> 
> Thanks
> jd

What is the routable IP visible to the world? That is the IP you block.
Anything arriving from the outside that is pointed at a non-routable
10.x.x.x IP should be considered hostile and summarily banned; if
something on the inside is supposed to receive the packet via
masquerade, then it will not know about the non-routable IP; it will be
up to the kernel to put it to the right IP/port.

D. Stimits, stimits at idcomm.com
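As an added illustration, not part of the original thread or either poster's code, the following Python model walks the two candidate rules from the question and the reply's suggestion through a minimal INPUT-chain evaluator. Interface names, the public address (203.0.113.5, from the documentation range), the private address 10.0.0.1 and the sample packets are all constructed for the example; the point it shows is that a packet arriving from the Internet carries the firewall's public address as its destination, so the rule written against 10.0.0.1 never matches it, while a separate rule dropping anything on eth0 addressed to 10/8 catches spoofed traffic.

```python
# Added example (not from the mailing-list post): a minimal model of
# iptables INPUT-chain matching. Addresses, interfaces and packets are
# constructed; the public address uses the documentation range.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

PUBLIC_IFACE = "eth0"        # assumed: outside interface
LAN_IFACE = "eth1"           # assumed: inside interface
MY_PUB_IP = "203.0.113.5"    # constructed stand-in for $MY_PUB_IP
MY_PRIV_IP = "10.0.0.1"      # the private address from the question


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One INPUT-chain rule; None means 'any' for that match, as in iptables."""
    target: str                     # DROP or ACCEPT
    in_iface: Optional[str] = None  # -i
    dst: Optional[str] = None       # -d (address or CIDR)
    proto: Optional[str] = None     # -p
    dport: Optional[int] = None     # --dport

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface is not None and self.in_iface != pkt.in_iface:
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True

    def as_command(self) -> str:
        """Render the rule as the iptables command line it corresponds to."""
        parts = ["/sbin/iptables", "-A", "INPUT"]
        if self.in_iface is not None:
            parts += ["-i", self.in_iface]
        if self.dst is not None:
            parts += ["-d", self.dst]
        if self.proto is not None:
            parts += ["-p", self.proto]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        parts += ["-j", self.target]
        return " ".join(parts)


def evaluate(rules: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule wins, as in a real chain; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


# The two candidate rules from the question, plus the reply's suggestion:
# anything arriving on the public interface addressed to 10/8 is dropped.
RULE_PRIVATE_DST = Rule("DROP", in_iface=PUBLIC_IFACE, dst=MY_PRIV_IP, proto="tcp", dport=23)
RULE_PUBLIC_DST = Rule("DROP", in_iface=PUBLIC_IFACE, dst=MY_PUB_IP, proto="tcp", dport=23)
RULE_DROP_10_ON_PUBLIC = Rule("DROP", in_iface=PUBLIC_IFACE, dst="10.0.0.0/8")

# Constructed packets: telnet from the Internet to the public address, a
# spoofed packet to the private address arriving on the public interface,
# and telnet from the LAN side to the private address.
TELNET_FROM_INTERNET = Packet(PUBLIC_IFACE, "198.51.100.7", MY_PUB_IP, "tcp", 23)
SPOOFED_TO_PRIVATE = Packet(PUBLIC_IFACE, "198.51.100.7", MY_PRIV_IP, "tcp", 23)
TELNET_FROM_LAN = Packet(LAN_IFACE, "10.0.0.42", MY_PRIV_IP, "tcp", 23)


def verdicts(rules: List[Rule]) -> dict:
    """Verdict for each sample packet under a given rule set."""
    return {
        "telnet_from_internet": evaluate(rules, TELNET_FROM_INTERNET),
        "spoofed_to_private": evaluate(rules, SPOOFED_TO_PRIVATE),
        "telnet_from_lan": evaluate(rules, TELNET_FROM_LAN),
    }


if __name__ == "__main__":
    for name, rules in [("private dst only", [RULE_PRIVATE_DST]),
                        ("public dst only", [RULE_PUBLIC_DST]),
                        ("public dst + drop 10/8 on eth0", [RULE_PUBLIC_DST, RULE_DROP_10_ON_PUBLIC])]:
        print(name)
        for r in rules:
            print("  ", r.as_command())
        print("  ", verdicts(rules))
```

The model only covers the INPUT chain, which is the case in the question (traffic addressed to the firewall itself). Traffic that is DNAT'ed in the nat PREROUTING chain to an inside host is routed through FORWARD instead of INPUT, which is the "up to the kernel" part of the reply; a real rule set has to block or allow such forwarded connections separately.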


