From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
To: Alabama <alabama@interia.pl>, netfilter@lists.netfilter.org
Subject: Re: iptables
Date: Mon, 31 Jan 2005 08:18:00 -0500
Message-ID: <41FE3008.4010008@opensourcedevel.com>
In-Reply-To: <5.2.0.9.0.20050131135158.02a9dec0@poczta.interia.pl>

Which interfaces are used for your public and DMZ networks? Are you using
DNAT for your DMZ servers? If so, have you remembered to bind the
addresses for those servers using iproute2? If you are unfamiliar with
doing this, there are some slide shows in the training section of
http://iscs.sourceforge.net that deal with iptables and iproute2 - John

Alabama wrote:
> Hello
> I am afraid it does not work. Output works perfectly but I cannot
> use any of the input services, e.g. ftp, www etc.
> Under the public addresses I have my clients and do not want to block
> any ports and services for them
> Best regards
> Andy
> At 06:48 05-01-31 -0500, you wrote:
>
>> Alabama wrote:
>>
>>> Dear All,
>>> I have linux router with 3 NIC cards.
>>> One is an internet interface. Second is my LAN network and third is
>>> public addresses network.
>>> I am using iptables. My LAN network works perfectly filtering
>>> packets. I have problems with my public addresses network - I would
>>> like this network to work without any filtering and just can't do it.
>>> Could you give me advice on how to bypass iptables or how to set up
>>> iptables to route traffic to public addresses without any filtering?
>>> Best regards
>>> Andy
>>>
>> I do not know the details of your installation so there may be a good
>> reason for you to do this but I would normally never recommend no
>> filtering even, perhaps especially, to a DMZ.
>>
>> In any event, you can probably regulate the traffic using the
>> interfaces, e.g.,
>>
>> iptables -I FORWARD 1 -i eth0 -o eth2 -j ACCEPT
>> iptables -I FORWARD 1 -i eth2 -o eth0 -j ACCEPT
>>
>> That's what comes to mind off the top of my head. Good luck and,
>> unless you have a really good reason, I would not recommend doing
>> this. If the problem is just the complexity of managing changing
>> security on the DMZ, consider a GUI front end like fwbuilder
>> (http://www.fwbuilder.org) or, for large and highly complex
>> environments ISCS (http://iscs.sourceforge.net) when it is ready - John
>>
>> --
>> John A. Sullivan III
>> Open Source Development Corporation
>> +1 207-985-7880
>> jsullivan@opensourcedevel.com
>>
>> Financially sustainable open source development
>> http://www.opensourcedevel.com
>
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
Financially sustainable open source development
http://www.opensourcedevel.com
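
The two approaches discussed in this thread side by side, as an added example that is not part of the original messages: the unfiltered interface pair from the quoted commands, and a stateful alternative that admits only named services to the public segment. It assumes eth0 is the Internet interface and eth2 the public-address segment (as in the quoted commands); the `PUBNET` chain name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints iptables-restore input, it does not touch the kernel.
# Assumed: eth0 = Internet, eth2 = public segment; PUBNET is a made-up chain name.

# Variant 1: the unfiltered interface pair from the thread.
emit_unfiltered() {
    printf '%s\n' '*filter' \
        "-I FORWARD 1 -i $1 -o $2 -j ACCEPT" \
        "-I FORWARD 1 -i $2 -o $1 -j ACCEPT" \
        'COMMIT'
}

# Variant 2: stateful filtering for the same pair. Replies pass, the public
# segment may open connections outward, and only the listed TCP ports accept
# new connections from the Internet. Everything else is logged and dropped.
emit_filtered() {
    inet_if=$1 pub_if=$2 ports=$3
    # Validate every port before printing anything, so output is all-or-nothing.
    for p in $ports; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    printf '%s\n' '*filter' ':PUBNET - [0:0]' \
        '-A PUBNET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A PUBNET -m conntrack --ctstate INVALID -j DROP' \
        "-A PUBNET -i $pub_if -o $inet_if -m conntrack --ctstate NEW -j ACCEPT"
    for p in $ports; do
        printf '%s\n' "-A PUBNET -i $inet_if -o $pub_if -p tcp --dport $p --syn -m conntrack --ctstate NEW -j ACCEPT"
    done
    # FTP data connections match RELATED only when the FTP conntrack helper is in use.
    printf '%s\n' '-A PUBNET -j LOG --log-prefix "PUBNET drop: "' \
        '-A PUBNET -j DROP' \
        "-I FORWARD 1 -i $inet_if -o $pub_if -j PUBNET" \
        "-I FORWARD 1 -i $pub_if -o $inet_if -j PUBNET" \
        'COMMIT'
}

# Constructed invocation: allow ftp (21) and www (80) inbound.
emit_filtered eth0 eth2 "21 80"
```

The output can be checked with `iptables-restore --noflush --test` before it is loaded with `iptables-restore --noflush`. Loading it a second time inserts a second pair of jump rules at the top of FORWARD, so remove the old pair first.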