[H-GEN] IPTables problem
James Mills
prologic at shortcircuit.net.au
Mon Jul 19 01:10:17 EDT 2004
On Mon, Jul 19, 2004 at 02:31:39PM +1000, Harry Phillips wrote:
> I do not want any restrictions on the first IP. I have tried to
> configure iptables on the server to restrict what hosts can connect to
> port 22 on the second IP by using the following rules:
>
> MYIP="xxx.xxx.xxx.xxx"
> EXT_IF="192.168.1.4"
> iptables -A INPUT -i $EXT_IF -s $MYIP -p tcp --syn --destination-port 22 -j ACCEPT
> $IPTABLES -A INPUT -i $EXT_IF -j DROP
>
> It still allows *anyone* to connect to port 22 on the IP address
> 192.168.1.4, why? Is it because the second IP is just an alias?
>
> If I can't get this worked out then I am more than likely going to stick
> in a second NIC to the server and get it to do all the masquerading.
AFAIK I think your problem is to do with IP Forwarding.
If your server is acting as a router and routing packets, then you need
a FORWARD rule and IP Forwarding turned on.
Does this help?
cheers
James
--
-ShortCircuit Services
-WIKI: http://wiki.shortcircuit.net.au
-IRC: http://wiki.shortcircuit.net.au/IRC/
-IRC: (/server shortcircuit.net.au)
-
-"Problems are Solved by Method"
-
-Team123 - We deliver
-URL: http://team123.shortcircuit.net.au
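
An added example, not part of the original thread: the `-i` option of iptables takes an interface name, so a rule given an address there matches no packets, and an alias address is matched with `-d` instead. The address 203.0.113.10 is a constructed stand-in for MYIP, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. 203.0.113.10 is a constructed stand-in
# for MYIP; function names are hypothetical.
ALIAS_IP="192.168.1.4"
ALLOWED_SRC="203.0.113.10"

# Return 0 when the argument looks like a dotted-quad IPv4 address.
looks_like_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
        *.*.*.*.*)    return 1 ;;
        *.*.*.*)      return 0 ;;
        *)            return 1 ;;
    esac
}

# Warn and return 1 when a rule hands an address to -i/-o. iptables reads
# that value as an interface name, so the rule matches no packets.
lint_rule() {
    prev=""
    for word in $1; do
        case "$prev" in
            -i|--in-interface|-o|--out-interface)
                if looks_like_ipv4 "$word"; then
                    echo "WARN: '$prev $word' is an address, not an interface; use -d or -s"
                    return 1
                fi ;;
        esac
        prev="$word"
    done
    return 0
}

# Print rules that restrict SSH on one local address by destination match,
# leaving other addresses on the same NIC unrestricted. No --syn on the
# ACCEPT: the DROP would otherwise discard the rest of an allowed connection.
ssh_rules() {
    echo "iptables -A INPUT -d $1 -s $2 -p tcp --dport 22 -j ACCEPT"
    echo "iptables -A INPUT -d $1 -p tcp --dport 22 -j DROP"
}

# Lint the DROP rule as posted (variables expanded), then print the replacement.
if ! lint_rule "iptables -A INPUT -i $ALIAS_IP -j DROP"; then
    ssh_rules "$ALIAS_IP" "$ALLOWED_SRC"
fi
```

The script only prints the rules; review them with `iptables -L INPUT -n -v` in mind, since the packet counters there show whether a rule is matching traffic at all.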