Re: my actual iptables inquiry


 



On Fri, 20.02.2004 at 20:04, Ricardo A. Vetrovec wrote:
> -A FORWARD -s $NET -p tcp --dport 80 -j ACCEPT
> -A FORWARD -d $NET -p tcp --sport 80 -j ACCEPT
> 
> this means: accept packets to the internet if the source is my net 
> (example 192.168.0.0/16) and destination port 80 ACCEPT
> accept packages to my network if the source port is 80 (remote server 
> is going to transmit by 80)
> 
> email:
> 
> port 110 pop, i don't remember imap

IMAP is port 143, but you can use the service for the ports as well in
the rule.

> same rules, change the port
> 
> if the mail is webmail you don't need to open ports
> 
> media, well, you have to go to windows media player faq, realaudio faq, 
> etc because i don't remember right now
> 
> then for the last RULE
> 
> -A FORWARD -s $NET -j DROP
> 
> that means: deny any package for my net
> 
> of course iptables is going to read rule by rule until the package 
> matches one; the general drop is used to drop any other ports
> 
> If you want to drop messenger you have to install squid because when 
> messenger does not have a connection through its original port it then uses 80.
> 
> Greetings
> 
> Rick

Maybe I missed something, but where did the OP say that he runs the
firewalling box with iptables as a router? My impression is that he
directly connects to the internet. So creating FORWARD rules is
false.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 02:13:43 up 1 day, 3:47, load average: 0.08, 0.10, 0.08 
                   [ γνωθι σ'αυτον - gnothi seauton ]
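
Added example (not part of either poster's message): a small Python model of the two points discussed above, first-match rule evaluation and the fact that the FORWARD chain only sees routed packets. The 192.168.0.0/16 value for $NET, the sample addresses, the ACCEPT chain policy and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: $NET from the quoted rules, assumed to be 192.168.0.0/16.
NET = ipaddress.ip_network("192.168.0.0/16")

# The three quoted FORWARD rules, in order (tcp assumed for the port matches).
CHAINS = {
    "INPUT": [],
    "OUTPUT": [],
    "FORWARD": [
        {"src": NET, "dport": 80, "target": "ACCEPT"},
        {"dst": NET, "sport": 80, "target": "ACCEPT"},
        {"src": NET, "target": "DROP"},
    ],
}

def pick_chain(pkt, local_addrs):
    """Simplified filter-table dispatch: locally generated -> OUTPUT,
    addressed to this box -> INPUT, routed through it -> FORWARD."""
    if pkt["src"] in local_addrs:
        return "OUTPUT"
    if pkt["dst"] in local_addrs:
        return "INPUT"
    return "FORWARD"

def matches(rule, pkt):
    """A rule matches only if every criterion it names matches the packet."""
    for field in ("src", "dst"):
        if field in rule and pkt[field] not in rule[field]:
            return False
    for field in ("sport", "dport"):
        if field in rule and pkt[field] != rule[field]:
            return False
    return True

def verdict(pkt, local_addrs, policy="ACCEPT"):
    """Return (chain, target, rule number); the first matching rule wins,
    and the chain policy applies when no rule matches."""
    chain = pick_chain(pkt, local_addrs)
    for number, rule in enumerate(CHAINS[chain], start=1):
        if matches(rule, pkt):
            return chain, rule["target"], number
    return chain, policy, None

def packet(src, sport, dst, dport):
    ip = ipaddress.ip_address
    return {"src": ip(src), "sport": sport, "dst": ip(dst), "dport": dport}

# Constructed address sets: a routing firewall versus a directly connected host.
ROUTER = {ipaddress.ip_address("192.168.0.1"), ipaddress.ip_address("203.0.113.1")}
HOST = {ipaddress.ip_address("192.168.0.10")}
```

On the router the SSH packet from 192.168.0.10 falls through to the final DROP; on the standalone host the same packet traverses OUTPUT, where none of the FORWARD rules are consulted.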




