Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I just recently set up my iptables configuration and it's been running beautifully. Just to give readers an overview, I am running RedHat 7.3 using iptables as my firewall and routing solution, with IP masquerading and all that good stuff, so I do have rules that forward packets into my lan and such.
Among those rules I also have a few rules to send specific packets to specific boxes inside the lan (which I suppose you would call server forwarding, in the manner many prefab. hardware firewalls do). Rules such as:
That forwards incoming IRC traffic to another Linux machine which is running ircd. Now, my question has to do with the nature of the PREROUTING table... If anyone out there has a better understanding of iptables, please help me out.
Let's say that I wanted to keep a specific user (by IP) from connecting to my IRC server. My first reflex is to add a rule to the input table such as:
But I find that that doesn't work, and my theory is that the packet has already gone through, and been mangled by, the PREROUTING table. Is this assumption correct? And if not, why won't something like that work? Also, what about the event where an external port is forwarded to a different internal port, i.e. port 8080 on the outside forwarded to a webserver on port 80 inside the lan?
If anyone out there has ever done this, or knows anything more about it, I'd much appreciate your input.
And a quick answer to your question, you can -j DROP the ip with a -s xxx.xxx.xxx.xxx rule in the PREROUTING or FORWARD chains of the router, or in the PREROUTING or INPUT chains of the box with ircd.
But read and find out the difference strategies.
Regards,
Peter
Last edited by peter_robb; 09-15-2002 at 09:04 AM.
Thank you, unSpawn ad peter_robb, after reading through that Traversal of Chains document a couple of times I realized where my problem was.
For some reason I had assumed that the packets would travel through the INPUT chain, not realizing that, of course, the packets are destined for a foreign host inside the network.
I added a rule to my FORWARD chain in the filter table and got it to work the way I expected. Such an obvious error, but now I am satisfied that I have an idea of how the tables and chains work.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
iptables PREROUTING and blocking question
