
Re: Fw: Can a daemon listen only on some interfaces?



Guido Hennecke <g.hennecke@t-online.de> writes:

> > Sorry, I was transposing my thoughts into ipchains rules.  Actually my
> > firewall is iptables based.  In iptables, packets that are being
> > masqueraded traverse only the FORWARD chain and not the INPUT or OUTPUT
> > chains.  Thus if the rule was:
> > iptables -A INPUT -i eth0 ! -d 192.168.0.1 -j DROP
> > this should be OK I guess.  Since packets on the INPUT are destined only
> > to localhost.
> 
> Packets that came from the external interface, from an IP address on this
> external network, will be masqueraded? I think they will not!

I've got a problem with this, btw. Increasingly, I'm needing FORWARDING
rules on various sites; what I want to know is, when I've got the following
layout:

 | #Chain for incoming/forwarding filtering
 | iptables -N block
 | #chain to drop & log stuff
 | iptables -N DLOG
 | ...
 | several `block' rules incl stateful allowing ESTABLISHED,RELATED
 | ...
 | ## Jump to that chain from INPUT and FORWARD chains.
 | iptables -A INPUT -j block
 | iptables -A FORWARD -j block

how come packets still seem to get dropped when being forwarded between
interfaces?

(If this isn't the place for this question, point me at a *decent* bit of
documentation by all means! (With emphasis on `decent', as in something
that explains and details simultaneously.))

~Tim
-- 
   12:51:17 up 33 days, 14:46, 17 users,  load average: 0.15, 0.18, 0.17
piglet@stirfried.vegetable.org.uk |And your radiance shines
http://piglet.is.dreaming.org     |Like the moon of all innocent grace
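
The chain traversal described in the quoted text, as an added example that is not part of the original thread: a small Python model of which filter chain a packet reaches and whether the quoted `INPUT` rule is ever consulted for it. Only `192.168.0.1` and `eth0` come from the thread; the other addresses, `eth1`, the port numbers and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

# 192.168.0.1 and eth0 come from the thread; every other address, eth1 and
# the port numbers are constructed for this example.
LOCAL_ADDRS = {"127.0.0.1", "192.168.0.1", "203.0.113.1"}

# Reverse mapping conntrack keeps for one masqueraded connection:
# (firewall address, firewall port) -> internal host the reply belongs to.
REVERSE_NAT = {("203.0.113.1", 40001): "192.168.0.10"}


@dataclass(frozen=True)
class Packet:
    in_if: str   # receiving interface; "" for locally generated traffic
    dst: str
    dport: int


def filter_chain(pkt):
    """Return (filter chain, destination after PREROUTING) for a packet."""
    if pkt.in_if == "":
        return "OUTPUT", pkt.dst
    # Replies to masqueraded connections are de-NATed in PREROUTING,
    # before the routing decision picks INPUT or FORWARD.
    dst = REVERSE_NAT.get((pkt.dst, pkt.dport), pkt.dst)
    return ("INPUT" if dst in LOCAL_ADDRS else "FORWARD"), dst


def input_rule_drops(pkt, dst):
    """Model of: iptables -A INPUT -i eth0 ! -d 192.168.0.1 -j DROP"""
    return pkt.in_if == "eth0" and dst != "192.168.0.1"


def verdict(pkt):
    """Return (chain, result); the rule is only consulted on INPUT."""
    chain, dst = filter_chain(pkt)
    if chain == "INPUT" and input_rule_drops(pkt, dst):
        return chain, "DROP"
    return chain, "CONTINUE"  # falls through to later rules or the policy


if __name__ == "__main__":
    for p in (Packet("eth0", "192.168.0.1", 22),
              Packet("eth0", "203.0.113.1", 22),
              Packet("eth0", "198.51.100.7", 80),
              Packet("eth1", "203.0.113.1", 40001)):
        print(p, verdict(p))
```

The last sample is a reply to a masqueraded connection: it arrives addressed to the firewall itself, yet it is filtered in `FORWARD` because the address is rewritten before the routing decision.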


