| From | gdunn <gdunn@example.com> |
|---|---|
| Subject | iptables help, please? |
| Newsgroups | comp.os.linux.security |
| Message-ID | <a3d01$53a64f4b$9440befe$5576@STARBAND.NET> (permalink) |
| Organization | UseNetServer.com |
| Date | 2014-06-22 03:36 +0000 |
Greetings all,

Hopefully there are still some knowledgeable people in the group, despite the apparent spam content.

I've inherited an iptables configuration that I don't understand, other than the UNSOLICITED line. Your help in understanding and correcting any problems will be appreciated.

First, eth1 is the WAN interface and eth0 is LAN. I'd like to clean up the file if possible, and at the same time allow WAN UDP packets on ports 5198 and 5199 to be forwarded to 192.168.1.50, if possible.

Thank You.

```
###############################################################
*filter
:FORWARD ACCEPT [eth0:0]
:INPUT DROP [eth1:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state -i eth1 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p udp -s 148.78.249.200 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p udp -s 148.78.249.201 --dport 53 -m state --state NEW -j ACCEPT
#-A INPUT -i eth1 -p udp -s 148.78.249.202 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p udp -s 148.78.249.203 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -m state --state NEW -j LOG --log-level 7 --log-prefix UNSOLICITED:
COMMIT
*mangle
:PREROUTING ACCEPT [1471:303908]
:INPUT ACCEPT [636:240607]
:FORWARD ACCEPT [80:63181]
:OUTPUT ACCEPT [437:39285]
:POSTROUTING ACCEPT [1269:102466]
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
# Forward HTTP connections to Squid proxy
#-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
###############################################################
```
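An added example, not part of the original post: a small Python reader for the iptables-save format that loads the ruleset as posted (abridged) and lists the points worth checking before the file is edited. The names `parse` and `audit` are made up for this illustration.

```python
import re
# Ruleset as posted above, abridged: mangle table, commented-out rules and two DNS rules left out.
RULESET = """\
*filter
:FORWARD ACCEPT [eth0:0]
:INPUT DROP [eth1:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state -i eth1 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p udp -s 148.78.249.200 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -m state --state NEW -j LOG --log-level 7 --log-prefix UNSOLICITED:
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""
CHAIN = re.compile(r"^:(\S+)\s+(\S+)\s+(\S+)$")   # :NAME POLICY [packets:bytes]
COUNTERS = re.compile(r"^\[\d+:\d+\]$")

def parse(text):
    """Return {table: {chain: {"policy", "counters", "rules"}}}; comments and COMMIT are skipped."""
    tables, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {})
        elif (m := CHAIN.match(line)):
            table[m[1]] = {"policy": m[2], "counters": m[3], "rules": []}
        elif line.startswith("-A "):
            chain, _, spec = line[3:].partition(" ")
            table[chain]["rules"].append(spec)
    return tables

def audit(tables):
    notes = []
    for tname, chains in tables.items():
        for cname, c in chains.items():
            if not COUNTERS.match(c["counters"]):
                notes.append(f"{tname}/{cname}: counters {c['counters']} are not [packets:bytes]")
    fwd = tables["filter"]["FORWARD"]
    if fwd["policy"] == "ACCEPT" and not fwd["rules"]:
        notes.append("filter/FORWARD: policy ACCEPT and no rules, so the filter table accepts every routed packet")
    pre = tables.get("nat", {}).get("PREROUTING", {}).get("rules", [])
    if not any("DNAT" in r for r in pre):
        notes.append("nat/PREROUTING: no DNAT rule present")
    return notes
```

Calling `audit(parse(RULESET))` returns the list of notes; the same two functions work on the full file read from disk.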
iptables help, please? gdunn <gdunn@example.com> - 2014-06-22 03:36 +0000
Re: iptables help, please? Philippe Weill <Philippe.Weill@aero.jussieu.fr> - 2014-06-22 08:54 +0200
Re: iptables help, please? Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2014-06-22 13:04 +0200
Re: iptables help, please? Philippe Weill <Philippe.Weill@aero.jussieu.fr> - 2014-06-23 07:21 +0200
Re: iptables help, please? Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2014-06-22 13:06 +0200
Re: iptables help, please? Moe Trin <ibuprofin@painkiller.example.tld.invalid> - 2014-06-22 15:43 +0000