* DROP before PREROUTING
@ 2006-05-03 12:48 Bruno Nunes
2006-05-03 13:07 ` Maximilian Wilhelm
2006-05-03 13:10 ` Rob Sterenborg
0 siblings, 2 replies; 3+ messages in thread
From: Bruno Nunes @ 2006-05-03 12:48 UTC (permalink / raw)
To: netfilter
Hi folks,
I have this rule which forwards all incoming requests for ipA to a
local machine as you can see.
iptables -t nat -A PREROUTING -d <ipA> -i eth0 -p tcp --dport 80 \
-j DNAT --to 192.168.1.4
Is there any way to allow only a range of machines to use this
specific rule (not interfering with the other rules)? Dropping all
requests that are not welcome.
Thanks
* Re: DROP before PREROUTING
From: Maximilian Wilhelm @ 2006-05-03 13:07 UTC (permalink / raw)
To: netfilter
On Wednesday, 3 May, Bruno Nunes typed the following:
Hi!
> I have this rule which forwards all incoming requests for ipA to a
> local machine as you can see.
> iptables -t nat -A PREROUTING -d <ipA> -i eth0 -p tcp --dport 80 \
> -j DNAT --to 192.168.1.4
> Is there any way to allow only a range of machines to use this
> specific rule (not interfering with the other rules)? Dropping all
> requests that are not welcome.
Just add "-s source" to the line and you'll be able to match a source
host/net.
e.g.
iptables -t nat -A PREROUTING -s 1.2.3.4 -d 2.3.4.5 -i eth0 -p tcp \
--dport 80 -j DNAT --to 3.4.5.6
Ciao
Max
--
| | Follow the white penguin.
| |\/| | |-----------------------------------------------------------.
| | |/\| | Rechnerbetrieb Mathematik | My work areas: TSM |
| | Universitaet Paderborn | Hostmaster, Linux, LDAP |
* Re: DROP before PREROUTING
From: Rob Sterenborg @ 2006-05-03 13:10 UTC (permalink / raw)
To: netfilter
Bruno Nunes wrote:
> Hi folks,
> I have this rule which forwards all incoming requests for ipA to a
> local machine as you can see.
> iptables -t nat -A PREROUTING -d <ipA> -i eth0 -p tcp --dport 80 \
> -j DNAT --to 192.168.1.4
>
> Is there any way to allow only a range of machines to use this
> specific rule (not interfering with the other rules)? Dropping all
> requests that are not welcome.
By specifying the source IP(s).
iptables -t nat -A PREROUTING -s <src_ip[/mask]> -d <dst_ip> \
-i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.4
If you have the iprange match installed, you can also use that to match
a range instead of a subnet or host.
http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-iprange
Gr,
Rob
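
Added example, not part of the thread and not the posters' own code: a shell helper that prints (does not run) the rules for the approach in the replies above, using -s for a host or subnet and the iprange match for a range, plus a filter-table DROP for sources that no longer match the DNAT rule. The function names, the documentation addresses and the FORWARD/INPUT rules are assumptions; it also assumes the public address is configured on the firewall itself.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it executes nothing.
# Function names and argument order are hypothetical.

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
IPV4="$OCTET(\\.$OCTET){3}"

# matches VALUE ERE: true if the whole single-line VALUE matches ERE
matches() {
    [ $(printf '%s' "$1" | wc -l) -eq 0 ] &&
        printf '%s\n' "$1" | grep -Eq "^($2)\$"
}

# src_match SPEC: print the match for a host, a CIDR net or an a-b range
src_match() {
    if matches "$1" "$IPV4(/([0-9]|[12][0-9]|3[0-2]))?"; then
        printf '%s' "-s $1"
    elif matches "$1" "$IPV4-$IPV4"; then
        printf '%s' "-m iprange --src-range $1"   # needs the iprange match
    else
        echo "bad source spec: $1" >&2; return 1
    fi
}

# restricted_dnat SRC PUBLIC_IP INTERNAL_IP [IFACE] [PORT]
restricted_dnat() {
    src=$(src_match "$1") || return 1
    pub=$2 dst=$3 ifc=${4:-eth0} port=${5:-80}
    matches "$pub" "$IPV4" && matches "$dst" "$IPV4" &&
        matches "$ifc" '[A-Za-z0-9._-]+' && matches "$port" '[0-9]{1,5}' ||
        { echo "bad argument" >&2; return 1; }
    # 1. Translate only connections coming from the allowed source(s).
    echo "iptables -t nat -A PREROUTING $src -d $pub -i $ifc -p tcp" \
         "--dport $port -j DNAT --to-destination $dst"
    # 2. Pass them through FORWARD (matters when its policy is DROP).
    echo "iptables -A FORWARD $src -d $dst -i $ifc -p tcp --dport $port -j ACCEPT"
    # 3. Other sources are not translated: their packets still target
    #    PUBLIC_IP and reach INPUT on the firewall (assumed to own that
    #    address). Drop them there, in the filter table, not in nat.
    echo "iptables -A INPUT -d $pub -i $ifc -p tcp --dport $port -j DROP"
}

# Constructed sample values (documentation addresses):
restricted_dnat 198.51.100.0/24 203.0.113.5 192.168.1.4
```

Because the rules are appended with -A, an earlier ACCEPT in INPUT or FORWARD that already matches this traffic would take precedence over them.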