[lug] quick iptables rule question
Dan Ferris
dan at ferrises.com
Wed Nov 19 13:27:22 MST 2003
You could do that with regular iptables rules.
iptables -A FORWARD -p tcp --dport 9090 -s 192.168.1.1 -j ACCEPT
iptables -A FORWARD -p tcp --dport 9090 -s 192.168.10.1 -j DROP
Ryan Wheaton wrote:
> The IP was an example, didn't want to give out "real" IP info, but
> wanted to make the example show that i was forwarding that port to an
> internal IP.
>
> here's another question...
>
> i got it to fwd port 9090 -> 80, but is there a way to create the rule
> so that that port only accepts traffic from a certain external IP?
>
> btw, this is the rule that i used before....
>
> iptables -A PREROUTING -t nat -p tcp -j DNAT --dport 9090 --to-destination xxx.xxx.xxx.xxx:80
>
> just plain --to didn't work...
>
>
> -r
>
> On Wednesday, Nov 19, 2003, at 11:15 America/Denver, Grep Ergo Sum - I
> grep therefore I am wrote:
>
>> On Wed, 19 Nov 2003, Dan Ferris wrote:
>>
>>> iptables -t nat -A PREROUTING -p tcp --dport 9090 -j DNAT --to 192.168.0.0:80
>>>
>>> Anything destined to port 9090 on the firewall will go to port 80 of
>>> 192.168.0.0
>>
>>
>> Isn't 192.168.0.0 a network address? How can you send something to
>> port 80 of a network address?
>>
>> --
>> ____________________________________________
>> Dave Hagerty
>> ... and they that weave networks, shall be confounded.
>> Isaiah 19:9 (KJV)
>>
>> "On the side of the software box, in the 'System Requirements'
>> section, it
>> said 'Requires Windows 98 or better'. So I installed Linux."
>>
>> "There is no limit to the good you can do if you don't care who gets the
>> credit." - George C. Marshall
>>
>> _______________________________________________
>> Web Page: http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>>
>
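
An added example, not part of the thread and not any poster's code: a small Python model of the order in which netfilter handles a forwarded packet (nat PREROUTING first, then filter FORWARD), used to check which source-IP restrictions take effect for the 9090 -> 80 forward discussed above. The addresses, the rule dictionaries, the "firewall" placeholder and the default ACCEPT chain policy are constructed assumptions.

```python
# Minimal model of a forwarded packet: nat PREROUTING runs before filter
# FORWARD. All addresses are constructed values, not taken from the thread.
ALLOWED = "203.0.113.10"   # assumed: the one external IP allowed in
OTHER = "198.51.100.7"     # assumed: any other external host
WEB = "192.168.1.20"       # assumed: internal web server
FW = "firewall"            # placeholder for the firewall's own address


def prerouting(pkt, dnat_rules):
    """nat PREROUTING: first matching DNAT rule rewrites dst and dport."""
    for r in dnat_rules:
        if pkt["dport"] == r["dport"] and r.get("src") in (None, pkt["src"]):
            return dict(pkt, dst=r["to"][0], dport=r["to"][1])
    return pkt


def forward(pkt, rules, policy):
    """filter FORWARD: first matching rule wins, else the chain policy."""
    for r in rules:
        if all(pkt[k] == v for k, v in r["match"].items()):
            return r["target"]
    return policy


def verdict(src, dnat_rules, fwd_rules, policy="ACCEPT"):
    """Fate of a TCP packet from src to port 9090 on the firewall."""
    pkt = prerouting({"src": src, "dst": FW, "dport": 9090}, dnat_rules)
    if pkt["dst"] == FW:
        return "LOCAL"  # not translated: goes to INPUT, never forwarded
    return forward(pkt, fwd_rules, policy)


DNAT_ANY = [{"dport": 9090, "to": (WEB, 80)}]
DNAT_ONE_SRC = [{"src": ALLOWED, "dport": 9090, "to": (WEB, 80)}]  # DNAT with -s
# FORWARD rules written against the original port 9090
PRE_DNAT = [{"match": {"src": ALLOWED, "dport": 9090}, "target": "ACCEPT"},
            {"match": {"dport": 9090}, "target": "DROP"}]
# FORWARD rules written against the translated destination WEB:80
POST_DNAT = [{"match": {"src": ALLOWED, "dst": WEB, "dport": 80}, "target": "ACCEPT"},
             {"match": {"dst": WEB, "dport": 80}, "target": "DROP"}]

if __name__ == "__main__":
    for name, dnat, fwd in [("match 9090", DNAT_ANY, PRE_DNAT),
                            ("match WEB:80", DNAT_ANY, POST_DNAT),
                            ("DNAT -s only", DNAT_ONE_SRC, [])]:
        print(name, {s: verdict(s, dnat, fwd) for s in (ALLOWED, OTHER)})
```

In the model, FORWARD rules that match port 9090 never fire because the packet already carries port 80 by then, so the chain policy alone decides; matching the translated address and port, or putting -s on the DNAT rule, is what limits access to the one source.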