[lug] quick iptables rule question

Nate Duehr nate at natetech.com
Wed Nov 19 16:15:21 MST 2003


Dan Ferris wrote:

 > You could do that with regular iptables rules.
 >
 > iptables -A FORWARD -p tcp --dport 9090 -s 192.168.1.1 -j ACCEPT
 >
 > iptables -A FORWARD -p tcp --dport 9090 -s 192.168.10.1 -j DROP

[Dan will get a kick out of this... heh Echolink Dan... the evil Windows 
counterpart to IRLP!]

Here's an example of what I do on my firewall for two ports that need to 
be forwarded for an application I have on my laptop.

---- snipped out of firewall setup script -----
echo Setting up EchoLink ports for laptop...

# Laptop
# $PROG is the iptables binary, $IP the firewall's external address and
# $IFACE its external interface (all set at the top of the script).
# Both EchoLink UDP ports are DNATed to the laptop's fixed LAN address.

$PROG -t nat -A PREROUTING -p udp -d $IP --dport 5198 -i $IFACE -j DNAT \
    --to-destination 192.168.16.16:5198
$PROG -t nat -A PREROUTING -p udp -d $IP --dport 5199 -i $IFACE -j DNAT \
    --to-destination 192.168.16.16:5199

echo Done...
---- end of script snippage -----

Yes the laptop always has 192.168.16.16 -- gotta love having the MAC 
address tied to a particular IP in the DHCP server!

Oh... I guess I should mention that $IP is the external IP address of 
the firewall, set at the top of the script, and $IFACE is the external 
interface, eth0.

As my buddy from Australia says... "Works a treat, mate!"

Nate, nate at natetech.com
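An added example (not from Nate's or Dan's post) that puts the two pieces of the thread together: the PREROUTING DNAT rule from Nate's script and the FORWARD rule Dan's reply points at. DNAT only rewrites the destination address; on a firewall whose FORWARD chain defaults to DROP the rewritten packet still has to be accepted there, and the reply path needs a conntrack rule going the other way. The external address 203.0.113.5 is a constructed placeholder; eth0 and 192.168.16.16 are taken from the post. IPT defaults to "echo iptables" so the script prints the rules it would apply; run it as root with IPT=iptables to apply them.

```shell
#!/bin/sh
# IPT defaults to printing the rules rather than applying them.
IPT="${IPT:-echo iptables}"

# forward_udp EXT_IP EXT_IFACE PORT INT_IP
# Emits the DNAT rule for one UDP port plus the FORWARD rule that lets the
# rewritten packet through. The FORWARD match is narrowed to the internal
# host and port so the hole is only as wide as the forwarded service.
forward_udp() {
    ext_ip=$1; ext_if=$2; port=$3; int_ip=$4
    $IPT -t nat -A PREROUTING -i "$ext_if" -p udp -d "$ext_ip" --dport "$port" \
        -j DNAT --to-destination "$int_ip:$port"
    $IPT -A FORWARD -i "$ext_if" -p udp -d "$int_ip" --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Firewall externals; the IP is a constructed placeholder, not a real host.
IP="${IP:-203.0.113.5}"
IFACE="${IFACE:-eth0}"

# Replies from the laptop traverse FORWARD in the other direction; one
# generic conntrack rule covers them for every forwarded port.
$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# The two EchoLink UDP ports from the post, forwarded to the laptop's
# DHCP-reserved address.
for p in 5198 5199; do
    forward_udp "$IP" "$IFACE" "$p" 192.168.16.16
done
```

Keeping the DNAT and its matching FORWARD accept in one function means a port cannot be forwarded without the corresponding filter rule, and removing a service removes both.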
