[ILUG-BOM] Iptables Query

Mayank mail2mayank at gmail.com
Thu Aug 6 09:15:08 IST 2009


>
> I just have a small query as I am confused with the directions of packets.
> When setting a rule for the INPUT table, there is a source and destination
> setting. From the examples given in the above tutorial, when an incoming
> packet is received, the source is a local IP and destination is the world.
> Shouldn´t the incoming packet´s source be the world and destination the
> local LAN IP address?


Hi,
   As per my knowledge INPUT table is meant for purpose of
allowing/disallowing packets for local host running the Iptable service. For
e.g. suppose your machine (I'll call it HostA) hosting the iptable service
is also running DHCP service then you may wish to allow machines on local
network to be able to connect to port 67 on HostA. Thus you'll need to add a
rule like:

-A INPUT -p udp --dport 67 -j ACCEPT

If some host on your private network wants to connect to a remote host on a
specific port then you'll be using FORWARD table to allow access as follows:

-A FORWARD -p tcp -s 192.168.0.2 -d 91.129.121.80 --dport 8090 -j ACCEPT

Also after you've mentioned all FORWARD rules you'd also like to mention
following rule:

-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT

Hope this info helps.

Regards,
Mayank
-- 
Today is tommorrow I was so worried about yesterday ...


More information about the Linuxers mailing list