Re: Fw: Can a daemon listen only on some interfaces?
Guido Hennecke <g.hennecke@t-online.de> writes:
> > Sorry, I was transposing my thoughts into ipchains rules. Actually my
> > firewall is iptables based. In iptables, packets that are being
> > masqueraded traverse only the FORWARD chain and not the INPUT or OUTPUT
> > chains. Thus if the rule was:
> > iptables -A INPUT -i eth0 ! -d 192.168.0.1 -j DROP
> > this should be OK I guess. Since packets on the INPUT are destined only
> > to localhost.
>
> Packets that came from the external interface, from an IP address from this
> external network, will be masqueraded? I think they will not!
I've got a problem with this, btw. Increasingly, I'm needing FORWARDING
rules on various sites; what I want to know is, when I've got the following
layout:
| #Chain for incoming/forwarding filtering
| iptables -N block
| #chain to drop & log stuff
| iptables -N DLOG
| ...
| several `block' rules incl stateful allowing ESTABLISHED,RELATED
| ...
| ## Jump to that chain from INPUT and FORWARD chains.
| iptables -A INPUT -j block
| iptables -A FORWARD -j block
how come packets still seem to get dropped when being forwarded between
interfaces?
(If this isn't the place for this question, point me at a *decent* bit of
documentation by all means! (With emphasis on `decent', as in something
that explains and details simultaneously.))
~Tim
--
12:51:17 up 33 days, 14:46, 17 users, load average: 0.15, 0.18, 0.17
piglet@stirfried.vegetable.org.uk |And your radiance shines
http://piglet.is.dreaming.org |Like the moon of all innocent grace