Re: Question about nat filtering with FORWARD
On Wed June 24 2009 wrote Jorge Bastos:
> > On Wed June 24 2009 wrote Rob Sterenborg:
> >> $ipt -P FORWARD DROP
> >> $ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> >> $ipt -A FORWARD -m state --state NEW -p tcp --dport 22 -j ACCEPT
> >
> > Watch out, that with these rules, you will allow any traffic to pass,
> > that has
> > destination port 22. Thus, the outside can contact you to port 22. And
> > the inside can contact any host on the Internet on port 22.
>
> No good then, I just want to allow traffic for ports defined by me, for
> the NAT'd machines.
>
> Can you guys help on this? Sorry but I really have no idea, with the
> PREROUTING it was easy for me.

You can add -i and -o to specify the incoming and outgoing interface to distinguish from the Internet and the LAN-side.

--
Christoph Paasch

www.rollerbulls.be
--
Attachment:
signature.asc
Description: This is a digitally signed message part.
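
The -i/-o suggestion above, written out as an added example that is not part of the original message: the quoted rule set with each NEW rule pinned to one direction and limited to a chosen port list. The interface names (eth1 for the LAN, eth0 for the Internet), the ports and the function names are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names (eth1 = LAN, eth0 = Internet),
# the port list and the function names are assumptions.
# Dry run by default: commands are printed. Run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# forward_allow IN_IF OUT_IF PORT...
# Accept NEW TCP connections only if they enter on IN_IF and leave on OUT_IF.
forward_allow() {
    in_if=$1; out_if=$2; shift 2
    for port in "$@"; do
        case $port in
            # empty, non-numeric, or more than five digits
            ''|*[!0-9]*|??????*) echo "skipping invalid port: $port" >&2; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skipping out-of-range port: $port" >&2; continue
        fi
        $IPT -A FORWARD -i "$in_if" -o "$out_if" -m state --state NEW \
            -p tcp --dport "$port" -j ACCEPT
    done
}

# build_ruleset LAN_IF WAN_IF PORT...
# Default-drop policy, replies for tracked connections in both directions,
# and new connections only from the LAN side towards the Internet.
build_ruleset() {
    lan_if=$1; wan_if=$2; shift 2
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    forward_allow "$lan_if" "$wan_if" "$@"
}

build_ruleset eth1 eth0 22 80 443
```

For ports that are DNAT'd inwards from PREROUTING, call `forward_allow` with the interfaces swapped; the FORWARD chain sees the packet after DNAT, so `--dport` there is the translated port on the internal machine.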