Iptables: Forward & Input
Hi

I've got a Sarge server where one of the NICs is divided into a couple of
virtual NICs:
# eth1 - master (172.16.0.0/27)
iface eth1 inet static
    address 172.16.0.1
    netmask 255.255.255.224
    network 172.16.0.0
    broadcast 172.16.0.31

# eth1:1 - proxy (172.16.0.0/27)
iface eth1:1 inet static
    address 172.16.0.2
    netmask 255.255.255.224
    network 172.16.0.0
    broadcast 172.16.0.31

# eth1:2 - dns (172.16.0.0/27)
iface eth1:2 inet static
    address 172.16.0.3
    netmask 255.255.255.224
    network 172.16.0.0
    broadcast 172.16.0.31

# eth1:6 - file (172.16.0.32/29)
iface eth1:6 inet static
    address 172.16.0.34
    netmask 255.255.255.248
    network 172.16.0.32
    broadcast 172.16.0.39

LAN_NET='172.16.0.0/27'
SERVICE_NET='172.16.0.32/29'
But I'm having problems getting the forwards/input of the iptables
right. How does Debian react to the virtual NICs exactly? When I allow
INPUT on the file NIC I can't get a connection. But when I remove the
"-d" switch, everything works flawlessly. So is the master (primary) NIC
still needed?
# FILE_NIC is not defined in the post; the address of eth1:6 from the
# interfaces stanza above is assumed here
FILE_NIC='172.16.0.34'
iptables -A INPUT -p tcp -s $LAN_NET -d $FILE_NIC -m multiport --dport 135,137,138,139 -j ACCEPT
The same with Bind: I would like it to use 1721.6.0.3, but I can't
specify that IP.
iptables -A INPUT -p tcp -s $LAN_NET --dport 53 -j ACCEPT #DNS
Generally it's not a problem, I just don't define the destination. But in
principle I don't open more than needed.
-- 
/Lars
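An added example, not code from Lars's post, showing how a ruleset for this host can be written so that each service is bound to the alias address it listens on. The point it illustrates: the kernel does not treat eth1:2 or eth1:6 as devices, they are additional addresses on eth1, so netfilter sees every such packet as arriving on interface eth1, and the address is selected with "-d" (a "-i eth1:6" match only draws a warning from iptables and never matches a packet). The addresses below are the ones from the interfaces stanzas in the post; the function names, the DNS_IP/FILE_IP variables, the "-i eth1" match and the UDP rules are my own assumptions, added because DNS and the NetBIOS name/datagram services on 137/138 run over UDP, so a "-p tcp" rule alone does not cover them.

```shell
#!/bin/sh
# Added example (not from the original post): build an INPUT ruleset that
# limits each service to the alias address it listens on. The addresses
# are taken from the interfaces stanzas in the post; the function names,
# DNS_IP/FILE_IP and the '-i eth1' match are assumptions of this example.

LAN_NET='172.16.0.0/27'
DNS_IP='172.16.0.3'    # address of eth1:2 (variable name assumed)
FILE_IP='172.16.0.34'  # address of eth1:6 (variable name assumed)

# rule_line PROTO DST_ADDR PORTS: print one INPUT rule limited to LAN
# clients, one destination address and one protocol. Aliases are plain
# addresses on eth1, so the interface match stays '-i eth1'.
rule_line() {
    printf 'iptables -A INPUT -i eth1 -p %s -s %s -d %s -m multiport --dports %s -j ACCEPT\n' \
        "$1" "$LAN_NET" "$2" "$3"
}

# The complete ruleset. DNS queries are UDP (TCP for large answers and
# zone transfers); NetBIOS name/datagram on 137/138 are UDP, MS-RPC 135
# and NetBIOS session 139 are TCP.
build_rules() {
    rule_line udp "$DNS_IP" 53
    rule_line tcp "$DNS_IP" 53
    rule_line udp "$FILE_IP" 137,138
    rule_line tcp "$FILE_IP" 135,139
}

# Number of rules that would be loaded.
count_rules() {
    build_rules | wc -l | tr -d ' '
}

# Sanity check before loading: every ACCEPT rule must carry a '-d' match.
# A rule without one opens the port on all of eth1's addresses, which is
# the over-exposure the post wants to avoid. Returns 0 when every rule is
# scoped to an address, 1 otherwise.
check_scoped() {
    if build_rules | grep -v -- ' -d ' | grep -q .; then
        return 1
    fi
    return 0
}

# Load the rules (needs root). For a dry run just call build_rules.
load_rules() {
    build_rules | sh
}
```

Before loading, confirm with `ip -4 addr show dev eth1` (or `ifconfig eth1:6`) that the alias addresses really sit on eth1; if a rule with "-d" for one of them does not match, the usual causes are the variable holding the wrong address or the service listening on a different one, not the alias itself.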