[lug] quick iptables rule question

Dan Ferris dan at ferrises.com
Wed Nov 19 16:32:12 MST 2003


Yeah.  Evil. :-)

I have those two rules in my firewall also.  Got to keep my dad happy 
you know ;-)

Dan

Nate Duehr wrote:
> Dan Ferris wrote:
> 
>  > You could do that with regular iptables rules.
>  >
>  > iptables -A FORWARD -p tcp --dport 9090 -s 192.168.1.1 -j ACCEPT
>  >
>  > iptables -A FORWARD -p tcp --dport 9090 -s 192.168.10.1 -j DROP
> 
> [Dan will get a kick out of this... heh Echolink Dan... the evil Windows 
> counterpart to IRLP!]
> 
> Here's an example of what I do on my firewall for two ports that need to 
> be forwarded for an application I have on my laptop.
> 
> ---- snipped out of firewall setup script -----
> echo Setting up EchoLink ports for laptop...
> 
> # Laptop
> 
> $PROG -t nat -A PREROUTING -p udp -d $IP --dport 5198 -i $IFACE -j DNAT --to-destination 192.168.16.16:5198
> $PROG -t nat -A PREROUTING -p udp -d $IP --dport 5199 -i $IFACE -j DNAT --to-destination 192.168.16.16:5199
> 
> echo Done...
> ---- end of script snippage -----
> 
> Yes the laptop always has 192.168.16.16 -- gotta love having the MAC 
> address tied to a particular IP in the DHCP server!
> 
> Oh... I guess I should mention that $IP is the external IP address of 
> the firewall, set at the top of the script, and $IFACE is the external 
> interface, eth0.
> 
> As my buddy from Australia says... "Works a treat, mate!"
> 
> Nate, nate at natetech.com
> 
> 
> 
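The port forward quoted above, as an added example that is not part of the original thread: it pairs each DNAT rule with a FORWARD accept rule, which is needed when the FORWARD chain's default policy is DROP (an assumption; the thread does not state the policy). The function names forward_udp and valid_port are hypothetical, 203.0.113.10 is a constructed stand-in for $IP, and PROG defaults to a dry run that prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: build the DNAT + FORWARD rule pairs for a UDP port forward.
# PROG defaults to "echo iptables" (dry run: rules are printed, not applied).
PROG=${PROG:-echo iptables}

# valid_port PORT -> succeeds only if PORT is an integer in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_udp EXT_IP EXT_IFACE INTERNAL_IP PORT...
forward_udp() {
    ext_ip=$1 ext_if=$2 int_ip=$3
    shift 3
    # Validate every port first so a bad value never leaves a partial rule set.
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # Rewrite the destination of packets arriving on the external side.
        $PROG -t nat -A PREROUTING -p udp -d "$ext_ip" --dport "$port" \
            -i "$ext_if" -j DNAT --to-destination "$int_ip:$port"
        # PREROUTING runs before the filter table, so FORWARD has to match
        # the rewritten (internal) destination address, not the external one.
        $PROG -A FORWARD -p udp -d "$int_ip" --dport "$port" \
            -i "$ext_if" -j ACCEPT
    done
}

# Constructed sample values: 203.0.113.10 stands in for $IP, eth0 for $IFACE.
forward_udp 203.0.113.10 eth0 192.168.16.16 5198 5199
```

If the FORWARD policy is already ACCEPT, the second rule in each pair is redundant but harmless.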



