So add a "-s 192.168.0.0/32" to that line to specify that it has to come from that network. Or you can put a "-i eth1" to specify that it has to come in on eth1 device.

Jim

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Garcia, Steve
Sent: Monday, November 08, 2004 4:55 PM
To: For users of Fedora Core releases
Subject: RE: iptables modification

> Garcia, Steve wrote:
>
> >Yikes -- I actually DID use the correct port number. I don't know where that
> >443 came from when I typed my question. :-0
> >
> >>-----Original Message-----
> >>
> >>Hi,
> >>
> >>I need to poke a hole in the firewall to allow access to a remote Citrix
> >>(port 1494) server. I believe I've made the correct change. I added this to
> >>/etc/sysconfig/iptables
> >>
> >>-A firewall-chain-name -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
> >>
> >>Other than "does it work", which I'm waiting for the someone to answer, I'd
> >>like to see what is going on with iptables and check that this port shows up
> >>as being passed.
> >>
> >>How can I see a summary of what iptables is currently doing?
> >>
> >>iptables -L -v -n
> >>Didn't give me what I expected -- a list of ports being passed.
> >>
> >>Steve
> >>
> >>--
> >>fedora-list mailing list
> >>fedora-list@xxxxxxxxxx
> >>To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> >
> It would also be useful/more secure if you could specify a source IP
> address that the connection can come from.
>
> Does your "some one" have a static IP address?
>
> Doug

Yeah, but I'd like it to work for the entire internal masq'd network: 192.168.0
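
Added example, not written by anyone in the thread: a shell function that answers the "list of ports being passed" question by summarizing the ACCEPT rules in iptables-save format (the format of /etc/sysconfig/iptables) and marking which ones carry a source or interface restriction. The sample rules are constructed; the chain name, port 1494 and eth1 come from the thread, and 192.168.0.0/24 is this example's assumption for the 192.168.0.x network.

```shell
#!/bin/sh
# Summarize which destination ports are accepted, and from where, given
# rules in iptables-save format on stdin.
summarize_accepts() {
    awk '
    $1 == "-A" {
        chain = $2; proto = "any"; dport = "-"
        src = "any"; iface = "any"; target = ""
        # Walk the option/value pairs of one appended rule.
        for (i = 3; i < NF; i++) {
            if ($i == "-p")                                 proto  = $(i + 1)
            else if ($i == "--dport")                       dport  = $(i + 1)
            else if ($i == "-s" || $i == "--source")        src    = $(i + 1)
            else if ($i == "-i" || $i == "--in-interface")  iface  = $(i + 1)
            else if ($i == "-j")                            target = $(i + 1)
        }
        # Only rules that accept traffic to a specific port are of interest.
        if (target != "ACCEPT" || dport == "-") next
        # A rule with neither -s nor -i accepts the port from anywhere.
        scope = (src == "any" && iface == "any") ? "unrestricted" : "restricted"
        printf "%s %s/%s src=%s in=%s %s\n", chain, proto, dport, src, iface, scope
    }'
}

# Constructed sample input (not taken from a real host).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:firewall-chain-name - [0:0]
-A INPUT -j firewall-chain-name
-A firewall-chain-name -m state --state NEW -m tcp -p tcp --dport 1494 -j ACCEPT
-A firewall-chain-name -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 1494 -j ACCEPT
-A firewall-chain-name -i eth1 -m state --state NEW -m tcp -p tcp --dport 1494 -j ACCEPT
-A firewall-chain-name -j REJECT --reject-with icmp-host-prohibited
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | summarize_accepts
```

On a live system the same function can read the running rule set with `iptables-save | summarize_accepts` (as root) or the saved file with `summarize_accepts < /etc/sysconfig/iptables`.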