
Re: Fw: Can a daemon listen only on some interfaces?



At 10.12.2001, mdevin wrote:
> On Mon, Dec 10, 2001 at 09:31:09AM +0200, Berend De Schouwer wrote:
[...]
> > I'm not the original author, but I use ! <interface> too.
> > 
> > Using ! <destination> would break ip forwarding.  If your box is a
> > gateway/router/firewall, it will drop all packets not destined for
> > 192.168.0.1 (itself).

Exactly ;-)

> OK, I see the problem.  However, I think this only applies to ipchains
> where forwarded packets traverse the input and output chains.

I am not very experienced with iptables, but I don't know why you are
talking about forward chains and masq.

> Sorry, I was transposing my thoughts into ipchains rules.  Actually my
> firewall is iptables based.  In iptables, packets that are being
> masqueraded traverse only the FORWARD chain and not the INPUT or OUTPUT
> chains.  Thus if the rule was:
> iptables -A INPUT -i eth0 ! -d 192.168.0.1 -j DROP
> this should be OK I guess.  Since packets on the INPUT are destined only
> to localhost.

Packets coming in on the external interface from an IP address on this
external network will be masqueraded? I think they will not!

Regards, Guido

Attachment: pgpdmY4SLcx1A.pgp
Description: PGP signature
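
Added example, not part of the original message: a simplified Python model of the chain traversal discussed in the thread, showing why the `! -d 192.168.0.1` drop rule blocks forwarded traffic under ipchains but not under iptables. It assumes eth0 is the LAN-side interface and a default ACCEPT policy; the packet addresses and function names are constructed for illustration.

```python
# Simplified model (added example): which chains a packet traverses on a
# gateway under ipchains (kernel 2.2) versus iptables (kernel 2.4 netfilter).
from dataclasses import dataclass

GATEWAY_IP = "192.168.0.1"   # the box's own address, as in the thread


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str


def drop_rule(pkt):
    """The rule from the thread: -i eth0 ! -d 192.168.0.1 -j DROP."""
    return pkt.in_iface == "eth0" and pkt.dst != GATEWAY_IP


def chains_traversed(pkt, firewall):
    """Return the filter chains an inbound packet passes through, in order."""
    local = pkt.dst == GATEWAY_IP
    if firewall == "ipchains":
        # Every inbound packet hits 'input'; forwarded ones continue on.
        return ["input"] if local else ["input", "forward", "output"]
    if firewall == "iptables":
        # Routing decides first: local delivery -> INPUT, otherwise FORWARD.
        return ["INPUT"] if local else ["FORWARD"]
    raise ValueError(f"unknown firewall: {firewall}")


def verdict(pkt, firewall):
    """Apply drop_rule on the input/INPUT chain only; default policy ACCEPT."""
    for chain in chains_traversed(pkt, firewall):
        if chain.lower() == "input" and drop_rule(pkt):
            return f"DROP in {chain}"
    return "ACCEPT"


# Constructed sample packets: a LAN client talking to the gateway itself
# and to an outside host (203.0.113.10 is a documentation address).
to_gateway = Packet("eth0", "192.168.0.23", GATEWAY_IP)
forwarded = Packet("eth0", "192.168.0.23", "203.0.113.10")

if __name__ == "__main__":
    for fw in ("ipchains", "iptables"):
        for name, pkt in (("to gateway", to_gateway), ("forwarded", forwarded)):
            print(f"{fw:9} {name:11} -> {verdict(pkt, fw)}")
```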

