Should technically work, assuming the fileserver has an ip on each subnet. Jeremiah's right, though, the destination should always be the fileserver's ip.
Add a log destination before your "accept all through eth0" rule, and take a look at the logged data - it might give you a clue about what the traffic actually looks like.

On Jul 1, 2011 11:55 PM, "Jeremiah Bess" <[email protected]> wrote:
> I'm not an iptables expert, but I am in network security. Seems odd to me
> that inbound rules 1 and 2 have the same source and destination in each
> rule. The destination should always be your file server, since it sounds
> like this is not acting as a router.
>
> Jeremiah E. Bess
> Network Ninja, Penguin Geek, Father of four
>
>
> On Fri, Jul 1, 2011 at 21:47, linuxuser <[email protected]> wrote:
>
>> I have a Fedora fileserver that I use on my home network only, so I
>> want it to have no outside access and no inbound access except for my
>> home subnets (a router and an access point). Here's what I have built
>> so far, but it is not blocking pings to the outside world:
>>
>> [root@fedora ~]# iptables -L -v
>> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>     0     0 ACCEPT     all  --  any    any     192.168.2.0          192.168.2.0
>>     0     0 ACCEPT     all  --  any    any     192.168.1.0          192.168.1.0
>>    43  3049 ACCEPT     all  --  eth0   any     anywhere             anywhere
>>     0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited
>>
>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>
>> Chain OUTPUT (policy ACCEPT 24 packets, 3312 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>     0     0 ACCEPT     all  --  any    any     192.168.1.0          192.168.1.0
>>     0     0 ACCEPT     all  --  any    any     192.168.2.0          192.168.2.0
>>
>> My problem occurs when I delete INPUT 3 (the one with all the traffic)
>> or add OUTPUT 3 like this:
>> iptables -I OUTPUT 3 -d 0.0.0.0/0 -j DROP
>>
>> Lucky for me, I figured out that I could set up a crontab to stop
>> iptables every 10 minutes so that I could get back in. Any
>> suggestions?
>>
>> --
>> You received this message because you are subscribed to the Linux Users
>> Group.
>> To post a message, send email to [email protected]
>> To unsubscribe, send email to [email protected]
>> For more options, visit our group at
>> http://groups.google.com/group/linuxusersgroup
>> Please remember to abide by our list rules ( http://tinyurl.com/LUG-Rules or
>> http://cdn.fsdev.net/List-Rules.pdf)
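As an added example (not code from anyone in the thread), here is a LAN-only ruleset of the kind discussed above, with the logging rule this reply suggests placed ahead of the final drop, and a rollback timer in place of the 10-minute cron. The subnet masks (/24), the interface name (eth0) and the log prefixes are assumptions drawn from the quoted listing.

```shell
#!/bin/sh
# Added example, not from the thread: a LAN-only ruleset for the fileserver.
# Assumptions: home subnets 192.168.1.0/24 and 192.168.2.0/24, LAN NIC eth0.
# Set IPT=echo to print the rules instead of loading them.
IPT="${IPT:-iptables}"
LAN_NETS="192.168.1.0/24 192.168.2.0/24"
LAN_IF="eth0"

build_rules() {
    $IPT -F
    # Loopback, plus replies to connections that were already allowed.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Note the /24: the quoted listing shows "192.168.2.0" with no mask,
    # i.e. a single host address, which is why those counters stay at 0.
    for net in $LAN_NETS; do
        $IPT -A INPUT  -i "$LAN_IF" -s "$net" -j ACCEPT
        $IPT -A OUTPUT -o "$LAN_IF" -d "$net" -j ACCEPT
    done
    # Log what is about to be dropped (rate-limited so a scan cannot flood
    # syslog); on Fedora read it with: grep 'FW-.*-DROP' /var/log/messages
    $IPT -A INPUT  -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
    $IPT -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "FW-OUT-DROP: "
    # Default-deny; FORWARD too, since the box is a fileserver, not a router.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
}

arm_rollback() {
    # Safety net against locking yourself out (replaces the 10-minute cron
    # from the thread): revert to accept-all after $1 seconds unless the
    # background job whose PID this prints is killed first.
    ( sleep "${1:-120}"; $IPT -P INPUT ACCEPT; $IPT -P OUTPUT ACCEPT; $IPT -F ) &
    echo "$!"
}

if [ "${1:-}" = "apply" ]; then
    pid=$(arm_rollback 120)
    build_rules
    echo "Rules loaded. If you can still log in, run: kill $pid"
fi
```

Run it as `sh fw.sh apply` from a console or an existing SSH session, then kill the rollback job only once a fresh login from the LAN works.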
