Re: iptables question
Hi
Prerouting is processed first, but you don't need to open the port in INPUT.
Packets must go through FORWARD table, so you may need something like:
iptables -A FORWARD -i ppp0 -p tcp -d 192.168.1.2 --dport 2222 -j ACCEPT
You can see a useful "netfilter map" here:
http://www.admin2k.com/Netfilter_path.png
--
Jean-Michel RAUX
Administrateur systeme - T-Online France
Tel : 01 55 45 43 88 - jmraux@t-online.fr
On Fri, Jun 21, 2002 at 10:15:35AM +0200, Jan Räther wrote:
> Hi there,
>
> I have just a simple question about iptables. I've got a router running
> Debian with iptables. The standard policies for all chains are DROP. Now I
> want to masq/route a few specific ports to some boxes inside my LAN, all
> with 192.168.1.x addresses. I do that with:
>
> iptables -A PREROUTING -t nat -i ppp0 -s 0/0 -p tcp --dport 2222 -j DNAT
> --to 192.168.1.2
>
> My question now is, will that rule be processed before the standard INPUT
> policy gets applied? Or do I have to add a:
>
> iptables -A INPUT -i ppp0 -s 0/0 -p tcp --dport 2222 -j ACCEPT
>
> before the PREROUTING thingie?
>
> Jan
>
> -----
> Jan Räther
> Universität Hamburg
> Zentrum für Molekulare Neurobiologie
> Service-Gruppe EDV
> Falkenried 94
> 20251 Hamburg
> Germany
> Tel.: 040 - 428 - 03 - 6619
> Fax.: 040 - 428 - 03 - 6621
>
> Tell a man there are 300 billion stars
> in the universe and he'll believe you.
> Tell him a bench has wet paint on it
> and he'll have to touch to be sure.
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
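
The rule set discussed in this thread, as an added example that is not part of either message: nat/PREROUTING rewrites the destination before the routing decision, so the forwarded packet is matched in filter/FORWARD on its post-DNAT address and never reaches INPUT. The LAN interface name `eth0` and the helper `forward_rules` are assumptions; `ppp0`, `192.168.1.2` and port `2222` come from the thread, and the reply-direction rule is included because a DROP policy on FORWARD also blocks the answers.

```shell
#!/bin/sh
# Added example: port forward on a router whose filter chains default to DROP.
# The function only prints the commands; pipe its output into sh as root to apply.

WAN_IF=ppp0          # from the thread
LAN_IF=eth0          # assumption: the thread does not name the LAN interface
TARGET=192.168.1.2   # from the thread
PORT=2222            # from the thread

# forward_rules WAN LAN TARGET PORT -> prints the iptables commands for one TCP port
forward_rules() {
    wan=$1; lan=$2; target=$3; port=$4

    # 1. nat/PREROUTING runs before routing and rewrites the destination address.
    echo "iptables -t nat -A PREROUTING -i $wan -p tcp --dport $port -j DNAT --to-destination $target"

    # 2. The rewritten packet is routed towards the LAN, so it traverses
    #    filter/FORWARD (not INPUT). Match on the post-DNAT destination.
    echo "iptables -A FORWARD -i $wan -o $lan -p tcp -d $target --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"

    # 3. Replies from the internal host also cross FORWARD; with policy DROP
    #    they need their own rule, limited to established connections.
    echo "iptables -A FORWARD -i $lan -o $wan -p tcp -s $target --sport $port -m state --state ESTABLISHED -j ACCEPT"
}

forward_rules "$WAN_IF" "$LAN_IF" "$TARGET" "$PORT"
```

No INPUT rule is generated, so the router's own services stay behind the DROP policy while only the forwarded port is reachable.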