[ILUG-BOM] Iptables Query
mail2mayank at gmail.com
Thu Aug 6 09:15:08 IST 2009
> I just have a small query as I am confused with the directions of packets.
> When setting a rule for the INPUT table, there is a source and destination
> setting. From the examples given in the above tutorial, when an incoming
> packet is received, the source is a local IP and destination is the world.
> Shouldn't the incoming packet's source be the world and destination the
> local LAN IP address?
As per my knowledge INPUT table is meant for purpose of
allowing/disallowing packets for local host running the iptables service. For
example, suppose your machine (I'll call it HostA) hosting the iptables service
is also running DHCP service, then you may wish to allow machines on local
network to be able to connect to port 67 on HostA. Thus you'll need to add a rule like:
-A INPUT -p udp --dport 67 -j ACCEPT
If some host on your private network wants to connect to a remote host on a
specific port then you'll be using FORWARD table to allow access as follows:
-A FORWARD -p tcp -s 192.168.0.2 -d 220.127.116.11 --dport 8090 -j ACCEPT
Also after you've mentioned all FORWARD rules you'd also like to mention
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
Hope this info helps.
Today is tomorrow I was so worried about yesterday ...
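The question is really about which chain a packet traverses, and that is decided by the packet's destination, not by the order in which the rule names source and destination. The following is an added example (not the poster's code and not iptables itself): a small Python model of how netfilter picks INPUT versus FORWARD for a packet arriving from the wire, parses the four rules from the reply above, and applies them with a toy connection-tracking table so the RELATED,ESTABLISHED rule can admit the reply to the forwarded connection. HostA's addresses (192.168.0.1 on the LAN, 203.0.113.10 towards the Internet) and the test packets are constructed for the example.

```python
"""Toy model of netfilter chain selection and rule matching.

Constructed teaching example: it models only the iptables syntax that
appears in the mailing-list reply (-A, -p, -s, -d, --dport, -m state,
--state, -j) and a first-match-wins walk of each chain with a DROP policy.
"""
import ipaddress
import shlex
from dataclasses import dataclass

# Constructed: HostA's own addresses, LAN side and Internet side.
HOST_A_ADDRS = {"192.168.0.1", "203.0.113.10"}

# The rules exactly as given in the reply.
RULESET = """
-A INPUT -p udp --dport 67 -j ACCEPT
-A FORWARD -p tcp -s 192.168.0.2 -d 220.127.116.11 --dport 8090 -j ACCEPT
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
"""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def chain_for(pkt, local_addrs=HOST_A_ADDRS):
    """A packet arriving from the wire goes to INPUT when it is addressed to
    the host itself; otherwise (with IP forwarding enabled) it goes to FORWARD."""
    return "INPUT" if pkt.dst in local_addrs else "FORWARD"


def parse_rule(line):
    """Parse one '-A CHAIN ...' rule into a dict of match criteria."""
    toks = shlex.split(line)
    rule = {"chain": None, "proto": None, "src": None, "dst": None,
            "dport": None, "states": None, "target": None}
    i = 0
    while i < len(toks):
        flag, arg = toks[i], toks[i + 1]
        if flag == "-A":
            rule["chain"] = arg
        elif flag == "-p":
            rule["proto"] = arg
        elif flag == "-s":
            rule["src"] = ipaddress.ip_network(arg, strict=False)
        elif flag == "-d":
            rule["dst"] = ipaddress.ip_network(arg, strict=False)
        elif flag == "--dport":
            rule["dport"] = int(arg)
        elif flag == "-m":
            pass  # match extension name; only the 'state' extension is modelled
        elif flag == "--state":
            rule["states"] = set(arg.split(","))
        elif flag == "-j":
            rule["target"] = arg
        else:
            raise ValueError(f"unsupported option {flag}")
        i += 2
    return rule


class Firewall:
    def __init__(self, ruleset, policy="DROP"):
        self.rules = [parse_rule(l) for l in ruleset.strip().splitlines()]
        self.policy = policy
        self.conntrack = set()  # accepted flows, keyed in their original direction

    def is_established(self, pkt):
        # A reply has the tracked flow's addresses and ports swapped.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack

    def matches(self, rule, pkt, chain):
        if rule["chain"] != chain:
            return False
        if rule["proto"] is not None and rule["proto"] != pkt.proto:
            return False
        if rule["src"] is not None and ipaddress.ip_address(pkt.src) not in rule["src"]:
            return False
        if rule["dst"] is not None and ipaddress.ip_address(pkt.dst) not in rule["dst"]:
            return False
        if rule["dport"] is not None and rule["dport"] != pkt.dport:
            return False
        if rule["states"] is not None:
            # RELATED (e.g. ICMP errors, FTP data) is not modelled here.
            return "ESTABLISHED" in rule["states"] and self.is_established(pkt)
        return True

    def filter(self, pkt):
        """Return (chain, verdict) for a packet arriving from the wire."""
        chain = chain_for(pkt)
        verdict = self.policy
        for rule in self.rules:
            if self.matches(rule, pkt, chain):
                verdict = rule["target"]
                break
        if verdict == "ACCEPT" and not self.is_established(pkt):
            self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return chain, verdict


def demo():
    """Walk constructed packets through the reply's ruleset, in order."""
    fw = Firewall(RULESET)
    packets = {
        "lan_dhcp_to_hosta": Packet("udp", "192.168.0.2", 68, "192.168.0.1", 67),
        "lan_to_remote_8090": Packet("tcp", "192.168.0.2", 40000, "220.127.116.11", 8090),
        "remote_reply_8090": Packet("tcp", "220.127.116.11", 8090, "192.168.0.2", 40000),
        "remote_unsolicited_ssh": Packet("tcp", "220.127.116.11", 4444, "192.168.0.2", 22),
        "internet_tcp22_to_hosta": Packet("tcp", "198.51.100.7", 5555, "203.0.113.10", 22),
        "internet_udp67_to_hosta": Packet("udp", "198.51.100.7", 68, "203.0.113.10", 67),
    }
    return {name: fw.filter(p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (chain, verdict) in demo().items():
        print(f"{name:28} -> {chain:8} {verdict}")
```

Two things the walk-through shows beyond the reply. The source address in a rule is always the sender of the packet being examined, so the reply from 220.127.116.11 does not match the `-s 192.168.0.2` rule and is admitted only by the RELATED,ESTABLISHED rule, while an unsolicited packet from the same remote host is dropped. The INPUT rule for port 67 carries no `-s` or `-i` restriction, so the model accepts a UDP/67 packet from an Internet address to HostA's outside interface just as readily as one from the LAN; on a real gateway that rule is normally tied to the LAN interface with `-i`.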