iptables and networking
Hey all :-)
Back to iptables again: I need to configure another server.
On my server I have:
eth0 Link encap:Ethernet HWaddr 00:55:d0:c4:f8:1b
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
route -n
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 office
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 dsl
[...]
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -d 192.168.1.0/24 -j ACCEPT
[...]
On the new server:
eth0 Link encap:Ethernet HWaddr 00:21:5e:46:7b:10
inet addr:95.110.207.165 Bcast:95.110.207.255 Mask:255.255.248.0
route -n
0.0.0.0 95.110.200.1 0.0.0.0 UG 0 0 0 eth0
95.110.200.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
Is it correct to do:
[...]
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 95.110.207.0/21 -d 0/0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -d 95.110.207.0/21 -j ACCEPT
[...]
Second question: the FORWARD chain is useful only with another PC on
the same LAN. If this server is only a file server (e.g.), I can comment
out the FORWARD chain. Or not?
Thanks for the help!
Pol
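
An added example (not part of the original post), using Python's ipaddress module with the addresses from the post: it shows which network a -s/-d value such as 95.110.207.0/21 actually covers, and models which built-in chain a packet arriving on eth0 traverses. The function names and the 192.0.2.10 test destination are assumptions made for the illustration.

```python
import ipaddress

def canonical_source(rule_cidr):
    """Return (network the rule really matches, True if host bits were set)."""
    # strict=False masks off host bits, as iptables does with -s/-d values.
    net = ipaddress.ip_network(rule_cidr, strict=False)
    return net, str(net) != rule_cidr

def chain_for_incoming(dst, local_addrs, ip_forward):
    """Simplified model of where netfilter sends a packet arriving on eth0.

    Addressed to the host -> INPUT. Anything else is routed through the
    host and reaches FORWARD only when kernel forwarding is on; otherwise
    it is dropped before any FORWARD rule is consulted (returns None).
    Broadcast and multicast delivery are left out of this model.
    """
    if ipaddress.ip_address(dst) in local_addrs:
        return "INPUT"
    return "FORWARD" if ip_forward else None

# Values taken from the post.
OLD_IF = ipaddress.ip_interface("192.168.1.100/255.255.255.0")
NEW_IF = ipaddress.ip_interface("95.110.207.165/255.255.248.0")

if __name__ == "__main__":
    for rule in ("192.168.1.0/24", "95.110.207.0/21"):
        net, changed = canonical_source(rule)
        print(f"{rule:>18} -> {net}  host bits set: {changed}")
    print("new eth0 network:", NEW_IF.network)
    local = {NEW_IF.ip}
    # 192.0.2.10 is a constructed, documentation-range destination.
    for dst in (str(NEW_IF.ip), "192.0.2.10"):
        for fwd in (False, True):
            print(dst, "ip_forward =", int(fwd), "->",
                  chain_for_incoming(dst, local, fwd))
```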