[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fw: Can a daemon listen only on some interfaces?

Guido Hennecke <g.hennecke@t-online.de> writes:

> > Sorry, I was transposing my thoughts into ipchains rules.  Actually my
> > firewall is iptables based.  In iptables, packets that are being
> > masqueraded traverse only the FORWARD chain and not the INPUT or OUTPUT
> > chains.  Thus if the rule was:
> > iptables -A INPUT -i eth0 ! -d -j DROP
> > this should be OK I guess.  Since packets on the INPUT are destined only
> > to localhost.
> Pakets came from the externel interface from a ip address from this
> externel network will be masqeraded? I think the will not!

I've got a problem with this, btw. Increasingly, I'm needing FORWARDING
rules on various sites; what I want to know is, when I've got the following

 | #Chain for incoming/forwarding filtering
 | iptables -N block
 | #chain to drop & log stuff
 | iptables -N DLOG
 | ...
 | several `block' rules incl stateful allowing ESTABLISHED,RELATED
 | ...
 | ## Jump to that chain from INPUT and FORWARD chains.
 | iptables -A INPUT -j block
 | iptables -A FORWARD -j block

how come packets still seem to get dropped when being forwarded between

(If this isn't the place for this question, point me at a *decent* bit of
documentation by all means! (With emphasis on `decent', as in something
that explains and details simultaneously.))

   12:51:17 up 33 days, 14:46, 17 users,  load average: 0.15, 0.18, 0.17
piglet@stirfried.vegetable.org.uk |And your radiance shines
http://piglet.is.dreaming.org     |Like the moon of all innocent grace

Reply to: