[lug] quick iptables rule question
Nate Duehr
nate at natetech.com
Wed Nov 19 16:15:21 MST 2003
Dan Ferris wrote:
> You could do that with regular iptables rules.
>
> iptables -A FORWARD -p tcp --dport 9090 -s 192.168.1.1 -j ACCEPT
>
> iptables -A FORWARD -p tcp --dport 9090 -s 192.168.10.1 -j DROP
[Dan will get a kick out of this... heh Echolink Dan... the evil Windows
counterpart to IRLP!]
Here's an example of what I do on my firewall for two ports that need to
be forwarded for an application I have on my laptop.
---- snipped out of firewall setup script -----
echo Setting up EchoLink ports for laptop...
# Laptop: DNAT the two EchoLink UDP ports arriving on the external
# interface to the laptop's fixed internal address
$PROG -t nat -A PREROUTING -p udp -d $IP --dport 5198 -i $IFACE -j DNAT \
    --to-destination 192.168.16.16:5198
$PROG -t nat -A PREROUTING -p udp -d $IP --dport 5199 -i $IFACE -j DNAT \
    --to-destination 192.168.16.16:5199
echo Done...
---- end of script snippage -----
Yes, the laptop always has 192.168.16.16 -- gotta love having the MAC
address tied to a particular IP in the DHCP server!
Oh... I guess I should mention that $IP is the external IP address of
the firewall, set at the top of the script, and $IFACE is the external
interface, eth0.
As my buddy from Australia says... "Works a treat, mate!"
Nate, nate at natetech.com
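The port-forward described above, as an added example that is not part of the original post or of Nate's firewall script: a small POSIX sh helper that prints the same nat/PREROUTING DNAT rule for a given protocol, port and internal host, and alongside it the filter/FORWARD accept rule that a DNAT needs when the FORWARD chain's default policy is DROP (the DNAT only rewrites the destination; the rewritten packet is still subject to FORWARD). The external address 203.0.113.10 is a constructed placeholder; the interface name, ports and laptop address are the ones from the post.

```shell
#!/bin/sh
# Added example, not code from the original post. It wraps the same
# DNAT setup in a helper that also emits the FORWARD rule the DNAT needs
# when the FORWARD chain's default policy is DROP. The external address
# below is a constructed placeholder.

PROG=iptables
IP=203.0.113.10     # constructed placeholder: the firewall's external IP
IFACE=eth0          # external interface, as in the post

# forward_port PROTO DPORT INTERNAL_IP
# Prints (does not run) the two iptables commands for one forwarded port.
forward_port() {
    proto="$1"
    dport="$2"
    dest="$3"

    # 1. nat/PREROUTING: rewrite the destination of packets that arrive on
    #    the external interface for $IP:$dport so they go to the inside host.
    printf '%s -t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$PROG" "$IFACE" "$proto" "$IP" "$dport" "$dest" "$dport"

    # 2. filter/FORWARD: after DNAT the packet is routed, and a DROP policy
    #    on FORWARD would still discard it. Match on the post-DNAT address
    #    and port, and pin it to the external interface, so only this one
    #    service on this one host is opened. Reply traffic is assumed to be
    #    covered by the usual ESTABLISHED,RELATED accept rule in FORWARD.
    printf '%s -A FORWARD -i %s -p %s -d %s --dport %s -j ACCEPT\n' \
        "$PROG" "$IFACE" "$proto" "$dest" "$dport"
}

# The two EchoLink UDP ports from the post, to the laptop's fixed address.
forward_port udp 5198 192.168.16.16
forward_port udp 5199 192.168.16.16
```

Running the script just prints the four rules, so they can be reviewed first; piping the output into sh as root applies them. Afterwards, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show the packet counters, which is the quickest way to confirm that traffic is both being rewritten and being let through rather than silently dropped by the FORWARD policy.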