Eric Hattemer wrote:

> Whoever Whatever wrote:
>
>> Hi,
>> when I have a linux box with two NICs, one $EXTIF (external) and
>> one $INTIF (subnet=192.168.176.0/20). With ip masq turned on:
>> iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>>
>> how do I block $INTIF (192.168.176/20) from accessing ports (i.e. 80) on
>> the linux box (192.168.176.1), but still allow port 80 access using ip
>> masq to the outside world?
>>
>> I tried the filters below, but I can still access port 80 after
>> applying the rules:
>> iptables -A INPUT -i $INTIF -p tcp -m tcp --dport 80 --syn -j DROP
>> iptables -A FORWARD -i $INTIF -p tcp -m tcp --dport 80 --syn -j DROP
>> iptables -A INPUT -p tcp -s 192.168.176.0/20 -d 192.168.176.1 --dport 80 -j DROP
>>
>> Anyone know if it's possible?
>
> I don't know any iptables, because I've never had to. Maybe someone on
> the list will answer your question, but in the meantime, I strongly
> suggest a program called fwbuilder. You drag your rules around, and
> when you're done, you can auto-generate scripts for every major
> routing/firewall language you can think of.

But if you do have a pretty good idea of what you're doing and want to debug it, Phil Dibowitz wrote a nice program called IPTState at http://www.phildev.net/iptstate/ that shows you what iptables is up to in real time. It's of wide enough acclaim that you can probably find it in your local package management tool.
-Eric Hattemer

_______________________________________________
LUAU@lists.hosef.org mailing list
http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
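The question quoted above asks why an appended DROP rule does not stop LAN hosts from reaching port 80 on the box itself; iptables is first-match, so the first thing to check is whether an ACCEPT earlier in the chain swallows the packet before the DROP is reached. The script below is an added example (not from the thread or either poster) that reads an iptables-save dump and reports whether an earlier ACCEPT shadows the DROP for a given chain and port; the dump, its rule layout and the interface name eth1 are constructed assumptions.

```shell
#!/bin/sh
# Audit an iptables-save dump (passed as $1) for first-match shadowing:
# in chain $2, find the first rule that DROPs or REJECTs tcp --dport $3
# and report whether an earlier ACCEPT in that chain can match the same
# traffic first. Output is "ok:<n>", "shadowed:<m>" or "missing"; the
# numbers correspond to `iptables -L <chain> -n --line-numbers`.
audit_chain() {
    printf '%s\n' "$1" | awk -v chain="$2" -v port="$3" '
        $1 == "-A" && $2 == chain {
            n++
            if ($0 ~ ("--dport " port "($| )") && $0 ~ /-j (DROP|REJECT)/) {
                if (!drop) drop = n
            } else if (!drop && $0 ~ /-j ACCEPT/ && $0 !~ /-i lo / &&
                       ($0 !~ /--dport/ || $0 ~ ("--dport " port "($| )"))) {
                # an ACCEPT not limited to some other port is evaluated
                # first, so a DROP appended later never sees the packet
                if (!shadow) shadow = n
            }
        }
        END {
            if (!drop) print "missing"
            else if (shadow) print "shadowed:" shadow
            else print "ok:" drop
        }'
}

# Constructed sample dump (hypothetical host; eth1 is the internal NIC).
# The DROP was added with -A, so it lands after a blanket ACCEPT for the
# internal subnet, which is why port 80 on the box stays reachable.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.176.0/20 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 --syn -j DROP
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 --syn -j DROP
COMMIT'

audit_chain "$SAMPLE" INPUT 80     # shadowed:2
audit_chain "$SAMPLE" FORWARD 80   # ok:1
```

On a live box, `iptables -L INPUT -n -v --line-numbers` shows per-rule packet counters, which confirm which rule is actually matching. Note that a DROP on dport 80 in FORWARD, as in the sample and in the quoted question, also blocks the masqueraded web access the question wanted to keep, since forwarded traffic traverses FORWARD, not INPUT.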