On Tue, 6 Nov 2007, Paul Lacatus wrote:
Am un port forwardat din LAN in internet printr-o linie in iptables :
-A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport pppp -j DNAT
--to-destination 192.168.100.39:80
Cum scriu o regula sa-i tai accesul la repectivul serviciu adresei
zzz.zzz.zzz.zzz din internet ?
Deci daca e din LAN in internet iar zzz.zzz.zzz.zzz e in internet,
de ce nu adaugi regula respectiva DOAR pentru cei care iti intra pe
interfata de LAN?
Sau ca sa continui treaba labaristic cum ai inceput-o:
-A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport pppp -j DROP
-A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport pppp -j DNAT
--to-destination 192.168.100.39:80
--
Any views or opinions presented within this e-mail are solely those of
the author and do not necessarily represent those of any company, unless
otherwise expressly stated.
_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug