Thanks, that will work.
On Thu, 6 Jun 2002, Ian Scott wrote:
> John Engelbrecht wrote:
> > Yeah.. I know, you all think FreeBSD's natd is better, with which I agree.
> > But in this case, there is no option to use FreeBSD, not for this guy.
> >
> > The question is:
> > with kernel 2.4.18, and iptables version 1.2.6a,
> > how do you fix it so that workstations behind Linux
> > can only connect to the web page ports, port 80 and what? 125?
> > I have a friend that needs to know this info.
>
> Note that this is just for the forwarding chain.
>
> Make sure forwarding is turned on in the kernel, of course:
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> First, block everything:
> iptables -P FORWARD DROP
>
> Then, just let through port 80 for http:
> iptables -A FORWARD -p TCP --dport 80 -j ACCEPT
>
> And port 443 for https:
> iptables -A FORWARD -p TCP --dport 443 -j ACCEPT
>
> And then forward the responses from the webserver:
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> That should do it. If you need NAT set up, the additional rule of:
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> This is pretty much like ipchains' old masquerading. If you want
> something a bit more exotic, there are some great HOWTOs at
> netfilter.samba.org.
>
> Ian
>
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
>
> Archives are available at http://mlug.missouri.edu/list-archives/
>
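The ruleset from Ian's reply, as an added example that is not part of the original thread: a dry-run shell script that applies the same FORWARD/NAT rules but scopes new connections to the LAN-to-WAN direction and limits MASQUERADE to the internal subnet. The interface names, the LAN subnet and the DRY_RUN switch are assumptions of this script, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed values: eth1 faces the
# workstations, eth0 faces the Internet (as in Ian's MASQUERADE rule), and the
# LAN uses 192.168.1.0/24. DRY_RUN=1 prints the commands instead of running them.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DRY_RUN="${DRY_RUN:-1}"

# run: execute a command, or print it when DRY_RUN=1 (needs root otherwise).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# web_forward_rules: the thread's ruleset, tightened in three ways:
#  - the ESTABLISHED,RELATED rule comes first, so replies never depend on
#    the port rules and new flows are the only thing the port rules see;
#  - new connections on 80/443 are accepted only from LAN_IF/LAN_NET toward
#    WAN_IF, so the same rule cannot forward Internet-side traffic to an
#    internal host that happens to listen on those ports;
#  - MASQUERADE applies only to packets sourced from LAN_NET.
web_forward_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in 80 443; do
        run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# rule_count: number of commands the ruleset emits in dry-run mode.
rule_count() {
    web_forward_rules | wc -l | tr -d ' '
}

web_forward_rules
```

Run it with DRY_RUN=1 first and review the printed commands; only then apply it as root with DRY_RUN=0.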