iptables 192.168.1.x server, can't ping by 192.168.0.x
Hi friends. This is my first post here. I've always got good answers from Google that show up in these forums.
I've just learned simple iptables. I have set up the firewall for the CentOS server at 192.168.1.21 like this. It has a gateway of 192.168.1.2.
Code:
iptables -P INPUT DROP
iptables -A INPUT --in-interface lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EB:91:00:01 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m mac --mac-source 00:0F:EB:91:00:01 -j ACCEPT

The MAC source is my laptop's MAC address. But when I try to ping from my laptop at 192.168.0.2 (my gateway is 192.168.0.1, but it shares the same server, which has 3 network gateways including the gateway for the CentOS server), it fails. What should I do to enable this ping? I also cannot connect to the CentOS server unless I change my IP to 192.168.1.x and use the same gateway as the CentOS server. Can someone suggest what I should modify in my firewall to enable connections to the CentOS server from my 192.168.0.2 laptop? Is this related to NAT and the FORWARD chain in the CentOS firewall? Can someone suggest a good book to start learning Linux firewalls?
To allow your server to receive pings you'll need to do something like:
Code:
iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT

A good iptables tutorial is here.
Oh, thank you very much, win32sux. Your explanation is very logical. Maybe part of the answer is that I may need to permit access only from the MAC address of my gateway? But it won't give the good security I want. Another option is that I may also permit access from certain IPs in 192.168.0.x. I'm just afraid that spoofing of the IP address and MAC address will break the security. Maybe I should think of other techniques. Thanks again, win32sux!
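
An added example, not from any poster in this thread: a small Python model of the INPUT chain from the first post, showing what the rules decide for on-link versus routed traffic and what the ICMP rule changes. It assumes the laptop's packets reach the server through the 192.168.1.2 gateway, so they arrive carrying that gateway's MAC; `GATEWAY_MAC`, the `eth0` interface name and the 192.168.1.50 address are constructed placeholders.

```python
# Added example: first-match model of the INPUT chain from the first post.
LAPTOP_MAC = "00:0F:EB:91:00:01"    # from the post
GATEWAY_MAC = "02:00:00:00:00:02"   # constructed placeholder for 192.168.1.2's NIC

def base_rules():
    """The four -A INPUT rules as (predicate, target) pairs, in posted order."""
    def mac_tcp(port):
        return lambda p: (p["proto"] == "tcp" and p.get("dport") == port
                          and p["src_mac"] == LAPTOP_MAC)
    return [
        (lambda p: p["iface"] == "lo", "ACCEPT"),
        (lambda p: p["state"] in ("RELATED", "ESTABLISHED"), "ACCEPT"),
        (mac_tcp(22), "ACCEPT"),
        (mac_tcp(80), "ACCEPT"),
    ]

def icmp_echo_rule():
    """Model of: iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT"""
    return (lambda p: p["proto"] == "icmp" and p.get("icmp_type") == 8, "ACCEPT")

def verdict(rules, pkt, policy="DROP"):
    """First matching rule wins; otherwise the chain policy (-P INPUT DROP)."""
    for match, target in rules:
        if match(pkt):
            return target
    return policy

def packet(src_ip, src_mac, proto, **fields):
    # eth0 is an assumed interface name; NEW is the state of a first packet.
    pkt = {"iface": "eth0", "state": "NEW", "src_ip": src_ip,
           "src_mac": src_mac, "proto": proto}
    pkt.update(fields)
    return pkt

def on_link(proto, **fields):
    # Laptop re-addressed into 192.168.1.x (address constructed): own MAC is visible.
    return packet("192.168.1.50", LAPTOP_MAC, proto, **fields)

def routed(proto, **fields):
    # Laptop at 192.168.0.2: each hop rebuilds the Ethernet header, so the
    # server sees the gateway's MAC as the source, never the laptop's.
    return packet("192.168.0.2", GATEWAY_MAC, proto, **fields)

if __name__ == "__main__":
    fixed = base_rules() + [icmp_echo_rule()]
    for name, pkt in [("ssh on-link", on_link("tcp", dport=22)),
                      ("ssh routed", routed("tcp", dport=22)),
                      ("ping routed", routed("icmp", icmp_type=8))]:
        print(f"{name:12} original={verdict(base_rules(), pkt)} "
              f"with-icmp-rule={verdict(fixed, pkt)}")
```

With the ICMP rule appended, echo requests are accepted from either subnet, while the MAC-matched SSH and HTTP rules still drop the routed laptop because the source MAC they see belongs to the gateway.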