[Sheflug] Iptables
>>>>> "Barrie" == Barrie Bremner <baz [at] barriebremner.com> writes:
>>>>> "Richard" == Richard Ibbotson <richard [at] sheflug.co.uk> writes:
Richard> Hi. Can anyone tell me what's wrong with this iptables
Richard> rule which allows web pages at port 80 ...
Richard> iptables -A FORWARD -i eth0 -o ppp0 -p tcp -s
Richard> 192.168.1.1/24 --sport 1024:65535 --dport 80 -m state
Richard> -state NEW -j ACCEPT
Barrie> iptables -A FORWARD -i eth0 -o ppp0 \
Barrie>   -p tcp --dport 80 -m state --state \
Barrie>   NEW,RELATED,ESTABLISHED -j ACCEPT
Barrie> or
Barrie> iptables -A FORWARD -i eth0 -o ppp0 \
Barrie>   -p tcp --dport 80 -m state --state \
Barrie>   NEW,ESTABLISHED -j ACCEPT
Ooops. Forgot the -s 192.168.1.1/24 bit:
iptables -A FORWARD -i eth0 -o ppp0 -p tcp \
-s 192.168.1.1/24 --dport 80 -m state --state \
NEW,RELATED,ESTABLISHED -j ACCEPT
--
Barrie J. Bremner OpenPGP public key ID: F78CEE08
baz [at] barriebremner.com http://barriebremner.com/
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.
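
Added example, not part of the original thread: one visible difference between the rule in the question and the rule in the reply is `-state` versus `--state`, and a small pre-load check can catch that class of typo before a ruleset is applied. The function name `lint_rule` and the variables `RULE_ASKED` and `RULE_REPLY` are hypothetical; the two rule strings are copied from the messages above.

```shell
#!/bin/sh
# Added example (not from the thread): flag iptables long options typed with
# a single dash. Long options take two dashes (--state, --dport); single-dash
# options are one letter (-A, -s, -j), so a token like "-state" is suspect.

# lint_rule RULE
#   Prints each suspect token on its own line.
#   Returns 0 if the rule looks clean, 1 if anything was flagged.
lint_rule() {
    rule=$1
    flagged=0
    set -f                      # no globbing while we word-split the rule
    for tok in $rule; do
        case $tok in
            --*) ;;             # proper long option
            -[a-z][a-z]*)
                # One dash, then two or more characters. Ignore tokens that
                # contain anything but letters/hyphens after the dash, e.g. a
                # short option with an attached value (-s192.168.1.0/24).
                case ${tok#-} in
                    *[!a-z-]*) ;;
                    *) printf '%s\n' "$tok"; flagged=1 ;;
                esac
                ;;
        esac
    done
    set +f
    return $flagged
}

# Rule strings as posted in the thread (line continuations joined).
RULE_ASKED='iptables -A FORWARD -i eth0 -o ppp0 -p tcp -s 192.168.1.1/24 --sport 1024:65535 --dport 80 -m state -state NEW -j ACCEPT'
RULE_REPLY='iptables -A FORWARD -i eth0 -o ppp0 -p tcp -s 192.168.1.1/24 --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT'

for r in "$RULE_ASKED" "$RULE_REPLY"; do
    if bad=$(lint_rule "$r"); then
        echo "ok: no single-dash long options"
    else
        echo "suspect option(s): $bad"
    fi
done
```

The check is purely textual and does not validate the rule against the kernel; a short option with an attached alphabetic value (such as `-ptcp`) would also be flagged.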