
please help by iptables FORWARD...



Good morning,

I'm trying to set up my redhat router a little bit more safe, here is my
actual setup.

# delete old rules
iptables -F
iptables -t nat -F

# enable masquerading
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# enable ip_forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# set standard chain policies to DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# set INPUT rules
iptables -A INPUT -p tcp -s 192.168.1.0/24 -i eth0 --dport 22 -j ACCEPT

# set FORWARD rules
iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -i ppp0 -o eth0 -j ACCEPT

# set OUTPUT rules
iptables -A OUTPUT -p tcp -d 192.168.1.0/24 -o eth0 --sport 22 -j ACCEPT

All works fine, but all traffic and all ports are able to be used, and that's not
what I want.

Now, I deleted the FORWARD rules and changed them to:

iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 80 -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -p tcp --sport 80 -i ppp0 -o eth0 -j ACCEPT

in hope to forward only http traffic, but it doesn't work.

Can anyone help, please?


best wishes

Daniel Krueger
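
Added example, not part of the original post: with only TCP port 80 allowed through FORWARD, name lookups from the LAN are dropped as well, which makes web access look broken. The sketch below assumes the LAN clients query a DNS server beyond ppp0, and prints (dry run) a stateful FORWARD rule set for HTTP plus DNS; `forward_rules` and `IPT` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): restricted FORWARD policy for the
# router described above. Interface names and the LAN prefix come from the post;
# forward_rules and IPT are names made up for this example.
# Assumption: LAN clients query a DNS server on the far side of ppp0.

# Dry run by default: each rule is printed. As root, run with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

forward_rules() {
    lan_if="$1"; wan_if="$2"; lan_net="$3"

    # Default-deny, then flush the chain.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Follow-up packets: only those belonging to a connection the LAN opened.
    # This replaces the stateless "--sport 80" rule, which matches inbound
    # packets on their source port alone.
    $IPT -A FORWARD -i "$wan_if" -o "$lan_if" -d "$lan_net" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New outbound connections: HTTP.
    $IPT -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" \
        -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

    # New outbound DNS lookups (UDP, plus TCP for large answers).
    for proto in udp tcp; do
        $IPT -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" \
            -p "$proto" --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    done
}

forward_rules eth0 ppp0 192.168.1.0/24
```

The INPUT and OUTPUT rules from the post are left untouched; only the FORWARD chain is rebuilt.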



