[lug] iptables
D. Stimits
stimits at idcomm.com
Tue May 21 21:18:31 MDT 2002
j davis wrote:
>
> Hi,
> so if a request is made to the public interface of my firewall is
> the request processed as the public IP or the private IP for the firewall.
>
> example :
>
> I want to block telnet access to my firewall from the internet. I write
> rules in the INPUT chain to do this. Would I write the rule blocking telnet
> using the public or private interface?
>
> /sbin/iptables -A INPUT -i eth0 -d 10.0.0.1 -p tcp --dport 23 -j DROP
>
> or
>
> /sbin/iptables -A INPUT -i eth0 -d $MY_PUB_IP -p tcp --dport 23 -j DROP
>
> Thanks
> jd
What is the routable IP visible to the world? That is the IP you block.
Anything arriving from the outside that is pointed at a non-routable
10.x.x.x IP should be considered hostile and summarily banned; if
something on the inside is supposed to receive the packet via
masquerade, then it will not know about the non-routable IP; it will be
up to the kernel to put it to the right IP/port.
D. Stimits, stimits at idcomm.com
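As an added illustration (not part of the thread or anyone's reply), here are the two INPUT rules the answer argues for, written as a dry-run firewall script. The interface name eth0, the public address 203.0.113.5 (a documentation address standing in for $MY_PUB_IP) and the IPT variable are assumed values.

```shell
#!/bin/sh
# Added example. IPT defaults to "echo /sbin/iptables" so running this only
# prints the rules; set IPT=/sbin/iptables as root to actually load them.
IPT="${IPT:-echo /sbin/iptables}"

EXT_IF="eth0"          # constructed: interface facing the Internet
PUB_IP="203.0.113.5"   # constructed: the firewall's routable public address

# Packets from the Internet aimed at the private 10/8 range are hostile or
# spoofed: a legitimate remote host never knows the firewall's inside address.
private_dst_drop_rule() {
    $IPT -A INPUT -i "$EXT_IF" -d 10.0.0.0/8 -j DROP
}

# Block telnet to the firewall itself. Match the PUBLIC address, because that
# is the destination an outside host actually writes into the packet; a rule
# on 10.0.0.1 would never see Internet traffic.
telnet_block_rule() {
    $IPT -A INPUT -i "$EXT_IF" -d "$PUB_IP" -p tcp --dport 23 -j DROP
}

# Order matters in a chain: drop the bogus private-destination traffic first,
# then the specific service block. Note that traffic the kernel DNATs or
# masquerades to an inside host is rewritten in nat/PREROUTING and then
# traverses FORWARD, not INPUT, so these rules only cover services on the
# firewall box itself.
load_input_rules() {
    private_dst_drop_rule
    telnet_block_rule
}

# Verify what is loaded (packet/byte counters show whether a rule is hit).
show_input_chain() {
    $IPT -L INPUT -n -v --line-numbers
}

load_input_rules
show_input_chain
```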