iptables (was port forwarding)

Author: Carl Parrish
Date:  
Subject: iptables (was port forwarding)

On Mon, 2002-03-18 at 22:22, Craig White wrote:
> > Yeah, I wasn't expecting the order of options to matter either, but it
> > seems that -d has to happen before -p in iptables (I'm pretty sure it
> > didn't matter in ipchains). Oh well, I'm going to see if I can figure it
> > all out tonight; if not, it's going to have to wait for a while.
> >
> ---
> I think order has definitely mattered in ipchains too...if you don't
> think so, put your reject rules before your accept rules...
>

No, I didn't mean the "rules" but the options on the rules, so that

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -y \
    -d $WEB_PORT -j DENY -l 


was the same as

ipchains -A input -i $EXTERNAL_INTERFACE -d $WEB_PORT \
    -p tcp -y -j DENY -l 


(I think)

iptables seems to care a lot more about such things.



> here are a couple of links to some firewall scripts with iptables that
> may be what you're looking for...
>
> try
> http://www.e-infomax.com/ipmasq/
>
> or
> http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER
>
> or
> http://heimdall.asgardsrealm.net/linux/firewall/
>

Thanks,

I'll check them out now.

Carl P.