[aklug] Re: Network Issue

From: James Zuelow <James_Zuelow@ci.juneau.ak.us>
Date: Thu Feb 18 2010 - 10:12:44 AKST

> -----Original Message-----
> >
> > You said "allows traffic to get from my WAN" above. If
> > eth2 is your WAN connection then please consider changing
> > both of those forward rules to:
> >
> > -A FORWARD -i eth2 -d 172.16.0.0/24 -m state --state
> > ESTABLISHED,RELATED -j ACCEPT
> >
> > Matching the state means that only replies to things you've
> > asked for will come back through the forward table. Right
> > now it is wide open.
> >
> > This link says it is for 2.4 kernels, but it is still valid
> > for 2.6 kernels:
> >
> > http://netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-6.html
> >
> > James Zuelow
> > Network Specialist
> > City and Borough of Juneau MIS (907)586-0236
>
> Oh, okay. I guess that is what I want. How will that affect
> port forwarding?
>

The RELATED,ESTABLISHED will break port forwarding unless you initiate the
connection from inside.

Set up rules for port forwarding to servers individually.

So for example say a web server lives at 172.16.0.80. Write a rule like this:

-A FORWARD -i eth2 -d 172.16.0.80 -p tcp --dport 80 -j ACCEPT

That means your router/firewall will forward requests from the internet to
the web server on port 80.
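As an added example (not part of this thread or written by anyone on it), the script below generates a complete iptables-restore ruleset that puts the two pieces of advice above together: the ESTABLISHED,RELATED rule for the LAN as a whole, and one explicit FORWARD hole per published server. It also emits the nat-table DNAT rule that has to accompany each port forward, since the FORWARD rule only matches after the packet's destination has been rewritten to the inside address. The interface name eth2, the 172.16.0.0/24 subnet and the 172.16.0.80 web server are taken from the thread; the DROP default policy on FORWARD, the LAN-to-WAN outbound rule, and the forward_rules/nat_rules/ruleset function names are assumptions for this example.

```shell
#!/bin/sh
# Added example, not from the mailing-list post. Emits an iptables-restore
# ruleset for a router: stateful replies back to the LAN, explicit holes for
# published servers, and the DNAT rules that pair with those holes.
# Assumed values: WAN interface, LAN subnet, FORWARD default policy DROP.

WAN_IF="eth2"
LAN_NET="172.16.0.0/24"

# Split a "proto:port:lan_ip" spec into three shell variables.
parse_spec() {
    proto=${1%%:*}
    rest=${1#*:}
    port=${rest%%:*}
    ip=${rest#*:}
}

# filter table: the FORWARD chain.
# Usage: forward_rules "tcp:80:172.16.0.80" "tcp:25:172.16.0.25" ...
forward_rules() {
    printf '%s\n' '*filter'
    # Assumption: nothing is forwarded unless a rule below allows it.
    printf '%s\n' ':FORWARD DROP [0:0]'
    # Only replies to connections the LAN initiated come back in from the WAN.
    printf '%s\n' "-A FORWARD -i $WAN_IF -d $LAN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Assumption: the LAN may open new connections toward the WAN.
    printf '%s\n' "-A FORWARD -o $WAN_IF -s $LAN_NET -j ACCEPT"
    # One explicit hole per published service, exactly as in the post.
    for spec in "$@"; do
        parse_spec "$spec"
        printf '%s\n' "-A FORWARD -i $WAN_IF -d $ip -p $proto --dport $port -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# nat table: rewrite the destination of inbound requests to the inside host.
# Without this the FORWARD rule above never sees a packet addressed to $ip.
nat_rules() {
    printf '%s\n' '*nat'
    for spec in "$@"; do
        parse_spec "$spec"
        printf '%s\n' "-A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $ip:$port"
    done
    printf '%s\n' 'COMMIT'
}

# Full ruleset: nat table first, then filter table.
ruleset() {
    nat_rules "$@"
    forward_rules "$@"
}

# Publish the web server from the thread. To load the result on the router:
#   ruleset "tcp:80:172.16.0.80" | iptables-restore
ruleset "tcp:80:172.16.0.80"
```

Reading the output top to bottom shows why the two rules do not conflict: the state rule admits only replies, so a fresh request from the internet to port 80 is still dropped unless the per-server line follows it, and any port that has no such line stays closed even though the DNAT would otherwise have rewritten it.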
Received on Thu Feb 18 10:12:55 2010

This archive was generated by hypermail 2.1.8 : Thu Feb 18 2010 - 10:12:55 AKST