[H-GEN] IPTables problem
Harry Phillips
harry at tux.com.au
Mon Jul 19 00:31:39 EDT 2004
I have a firewall appliance on a client's site that has only basic
firewall configuration abilities. You can get it to forward a port on
the external interface to a port on an internal host, that's it. I want
to restrict who can connect to that port. At the moment anyone on the
entire Internet can connect in.
What I have is an internal host that runs Linux, and I have configured
it so that the single NIC has an IP of 192.168.1.1 and an alias of
192.168.1.4
I do not want any restrictions on the first IP. I have tried to
configure iptables on the server to restrict what hosts can connect to
port 22 on the second IP by using the following rules:
MYIP="xxx.xxx.xxx.xxx"
EXT_IF="192.168.1.4"
iptables -A INPUT -i $EXT_IF -s $MYIP -p tcp --syn --destination-port 22 -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -j DROP
It still allows *anyone* to connect to port 22 on the IP address
192.168.1.4, why? Is it because the second IP is just an alias?
If I can't get this worked out then I am more than likely going to stick
in a second NIC to the server and get it to do all the masquerading.
--
Regards,
Harry Phillips
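The rules in the post above have a defect that explains the symptom: `-i` matches an interface *name* (eth0 and the like), not an address, so `-i 192.168.1.4` is accepted by iptables as the name of a non-existent interface and never matches a packet; the DROP rule is dead and the alias stays open (the DROP line also uses `$IPTABLES`, which the post never defines). The script below is an added example, not code from the original post: it matches the alias with `-d` instead, so the rules bind to the destination address rather than the interface and leave 192.168.1.1 untouched. The source address 203.0.113.10 stands in for the `xxx.xxx.xxx.xxx` of the post and is an assumed value; `DRY_RUN=1` (the default) prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: restrict new SSH connections to the alias 192.168.1.4 to one
# source address, without touching anything aimed at 192.168.1.1.
#
# The original rules used "-i $EXT_IF" with EXT_IF set to an IP address. -i
# takes an interface name, so that rule matched nothing and the alias stayed
# open to everyone. Match the destination address with -d instead.
#
# MYIP is an assumed placeholder for the admin's public address (TEST-NET-3).
# With DRY_RUN=1 the script only prints the iptables commands it would run.

MYIP="${MYIP:-203.0.113.10}"
ALIAS_IP="${ALIAS_IP:-192.168.1.4}"
SSH_PORT="${SSH_PORT:-22}"
DRY_RUN="${DRY_RUN:-1}"

# Run iptables, or print the command when dry-running.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Emit (or apply) the rule set that protects one address.
# Usage: restrict_ssh_on_alias <protected address> <allowed source> <port>
restrict_ssh_on_alias() {
    alias_ip="$1"; src="$2"; port="$3"
    # Packets belonging to sessions already accepted (and replies to
    # connections the server itself opened) pass before any address test.
    ipt -A INPUT -d "$alias_ip" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only the admin address may open a new TCP session to the SSH port.
    ipt -A INPUT -d "$alias_ip" -p tcp --syn --dport "$port" -s "$src" -j ACCEPT
    # Anything else addressed to the alias is dropped. Traffic to the
    # primary address never hits these rules because -d does not match it.
    ipt -A INPUT -d "$alias_ip" -j DROP
}

# Print how many rules currently exist for the alias (only meaningful when
# run for real on the server; in dry-run mode iptables is not consulted).
count_alias_rules() {
    if [ "$DRY_RUN" = "1" ]; then
        restrict_ssh_on_alias "$ALIAS_IP" "$MYIP" "$SSH_PORT" | wc -l | tr -d ' '
    else
        iptables -S INPUT | grep -c -- "-d $ALIAS_IP/32"
    fi
}

restrict_ssh_on_alias "$ALIAS_IP" "$MYIP" "$SSH_PORT"
```

Two caveats before relying on this. First, the `-s` match only works if the appliance forwards the port without rewriting the source address; if it also masquerades inbound connections, every packet arrives with the appliance's internal address as its source and no address-based rule on the server can tell clients apart, which is the case for the second NIC the post considers. Second, verify the result from an address that should be blocked (for example `nc -vz 192.168.1.4 22` from another internal host) rather than only from the permitted one, and run `iptables -S INPUT` to confirm the rules were installed in the order shown.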