[lug] quick iptables rule question
Dan Ferris
dan at ferrises.com
Wed Nov 19 16:32:12 MST 2003
Yeah. Evil. :-)
I have those two rules in my firewall also. Got to keep my dad happy
you know ;-)
Dan
Nate Duehr wrote:
> Dan Ferris wrote:
>
> > You could do that with regular iptables rules.
> >
> > iptables -A FORWARD -p tcp --dport 9090 -s 192.168.1.1 -j ACCEPT
> >
> > iptables -A FORWARD -p tcp --dport 9090 -s 192.168.10.1 -j DROP
>
> [Dan will get a kick out of this... heh Echolink Dan... the evil Windows
> counterpart to IRLP!]
>
> Here's an example of what I do on my firewall for two ports that need to
> be forwarded for an application I have on my laptop.
>
> ---- snipped out of firewall setup script -----
> echo Setting up EchoLink ports for laptop...
>
> # Laptop
>
> $PROG -t nat -A PREROUTING -p udp -d $IP --dport 5198 -i $IFACE -j DNAT \
>     --to-destination 192.168.16.16:5198
> $PROG -t nat -A PREROUTING -p udp -d $IP --dport 5199 -i $IFACE -j DNAT \
>     --to-destination 192.168.16.16:5199
>
> echo Done...
> ---- end of script snippage -----
>
> Yes the laptop always has 192.168.16.16 -- gotta love having the MAC
> address tied to a particular IP in the DHCP server!
>
> Oh... I guess I should mention that $IP is the external IP address of
> the firewall, set at the top of the script, and $IFACE is the external
> interface, eth0.
>
> As my buddy from Australia says... "Works a treat, mate!"
>
> Nate, nate at natetech.com
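An added example, not part of the thread or of either poster's firewall script: packets rewritten by a PREROUTING DNAT rule still pass through the filter table's FORWARD chain with their new destination, so a firewall whose FORWARD policy is DROP (assumed here) needs a matching ACCEPT per forwarded port. The function names, the dry-run approach and the external address are assumptions; the interface, laptop address and ports are the ones from the quoted script.

```shell
#!/bin/sh
# Added example (not from the thread). Emits a DNAT rule plus the matching
# FORWARD accept for each forwarded UDP port. Rules are printed, not applied,
# so the output can be reviewed before it is run as root.

# Constructed sample value: documentation address from RFC 5737.
EXT_IP="203.0.113.10"      # stands in for $IP in the quoted script
EXT_IF="eth0"              # $IFACE in the quoted script
LAPTOP="192.168.16.16"     # internal host from the quoted script

# valid_port PORT -> status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_udp PORT... -> prints two iptables commands per port,
# stops with status 1 on the first invalid port
forward_udp() {
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "invalid port: $port" >&2
            return 1
        fi
        # Rewrite the destination before the routing decision is made.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p udp -d $EXT_IP --dport $port -j DNAT --to-destination $LAPTOP:$port"
        # After DNAT the packet is matched in FORWARD against the internal address.
        echo "iptables -A FORWARD -i $EXT_IF -p udp -d $LAPTOP --dport $port -j ACCEPT"
    done
}

forward_udp 5198 5199
```

Scoping the FORWARD rule to the inbound interface, protocol, internal host and port keeps the opening as narrow as the DNAT rule that feeds it.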