Whoever Whatever wrote:
> Hi,
> when I have a linux box with two NICs, one $EXTIF (external) and
> one $INTIF (subnet=192.168.176.0/20). With ip masq turned on:
> iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>
> how do I block $INTIF (192.168.176/20) from accessing ports (i.e. 80) on
> the linux box (192.168.176.1), but still allow port 80 access using ip
> masq to the outside world?
>
> I tried the filters below, but I still can access port 80 after
> applying the rules:
> iptables -A INPUT -i $INTIF -p tcp -m tcp --dport 80 --syn -j DROP
> iptables -A FORWARD -i $INTIF -p tcp -m tcp --dport 80 --syn -j DROP
> iptables -A INPUT -p tcp -s 192.168.176.0/20 -d 192.168.176.1 --dport 80 -j DROP
>
> anyone know if it's possible?
I don't know any iptables, because I've never had to. Maybe someone on the list will answer your question, but in the meantime, I strongly suggest a program called fwbuilder. You drag your rules around, and when you're done, you can auto-generate scripts for every major routing/firewall language you can think of.

-Eric Hattemer

_______________________________________________
LUAU@lists.hosef.org mailing list
http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
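One way to write the rule set the quoted question asks for, as an added example that is not part of the list post and not something fwbuilder generated. It assumes the interface names eth0 (external) and eth1 (internal) and reuses the addresses from the question; the IPT variable lets you dry-run it without touching the kernel. Two iptables facts drive its layout: `iptables -A` appends, so a DROP appended after an existing blanket ACCEPT for $INTIF on INPUT is never reached (the DROP has to come first, or be inserted with -I); and a port-80 DROP in FORWARD, as in the quoted attempt, would also stop the masqueraded web traffic the router is supposed to relay, so the restriction belongs in INPUT only.

```shell
#!/bin/sh
# Added example, not from the list post.  Two-NIC masquerading router:
# LAN clients may browse the Internet through it, but may not reach the
# web server on the router itself.  Interface names are assumptions.

EXTIF="${EXTIF:-eth0}"
INTIF="${INTIF:-eth1}"
LAN="${LAN:-192.168.176.0/20}"
ROUTER="${ROUTER:-192.168.176.1}"
# Set IPT="echo iptables" to print the commands instead of applying them.
IPT="${IPT:-iptables}"

build_rules() {
    # Start from a clean slate so a stale "-i $INTIF -j ACCEPT" cannot
    # sit in front of the DROP and shadow it.
    $IPT -t nat -F
    $IPT -F INPUT
    $IPT -F FORWARD

    # NAT: masquerade everything leaving on the external interface.
    $IPT -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE

    # INPUT: packets addressed to the router itself.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The LAN may not open connections to the router's own port 80.
    # This rule must precede the general LAN ACCEPT below.
    $IPT -A INPUT -i "$INTIF" -s "$LAN" -d "$ROUTER" -p tcp --dport 80 --syn -j DROP
    # Everything else from the LAN to the router (ssh, DNS, ...) is allowed.
    $IPT -A INPUT -i "$INTIF" -s "$LAN" -j ACCEPT
    $IPT -P INPUT DROP

    # FORWARD: packets the router relays between its interfaces.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN -> Internet is allowed, port 80 included, so masqueraded web
    # browsing keeps working.  No port-80 DROP belongs in this chain.
    $IPT -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$LAN" -j ACCEPT
    $IPT -P FORWARD DROP
}

# Print the generated rule set without touching the kernel.
dry_run() {
    ( IPT="echo iptables"; build_rules )
}

# Succeeds if, in the generated rules, the port-80 DROP on INPUT comes
# before the general LAN ACCEPT on INPUT, i.e. the DROP can actually match.
check_order() {
    drop_line=$(dry_run | grep -n 'INPUT.*--dport 80.*-j DROP' | cut -d: -f1)
    accept_line=$(dry_run | grep -n "INPUT -i $INTIF -s $LAN -j ACCEPT" | cut -d: -f1)
    [ -n "$drop_line" ] && [ -n "$accept_line" ] && [ "$drop_line" -lt "$accept_line" ]
}

case "${1:-}" in
    apply)   build_rules ;;   # run as root on the router
    dry-run) dry_run ;;       # just show what would be applied
esac
```

After applying, `iptables -L INPUT -n -v --line-numbers` shows the rule order and per-rule packet counters; a LAN client connecting to port 80 on the router should bump the DROP counter, while its connections to outside web servers show up in FORWARD.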