If that truly is an "x" in your IPTABLES line, then you've just shot yourself in the foot. Make sure it is set to eth0 or eth1 respectively.
If it is set to the number, then I think you want to change REJECT to DROP. Not entirely sure on that, but I was thinking REJECT isn't a legit statement, meaning that it works but wasn't syntactically correct.
Someone will likely set me either correct or wrong on the reject thing.
Originally posted by blackzone
Never used iptables before, starting to try it out.
-------------------------
Have two computers on a network with IPs (192.168.0.12 and 192.168.0.44) respectively.
On the 192.168.0.12 computer I input:
iptables -A FORWARD -i ethx -s 192.168.0.44 -j REJECT
Why can the computer with 192.168.0.44 still ping 192.168.0.12?
-------------------------------------------------------------------------------
Surely it must ping.
You must prefer one of the following to block packets which come from 192.168.0.44 on the computer with the 192.168.0.12 IP.
iptables -A INPUT -s 192.168.0.44 -j DROP
or
iptables -A INPUT -s 192.168.0.44 -j REJECT
Originally posted by blackzone
What's the difference between the INPUT chain and the FORWARD chain?
Since you're blocking from .44, shouldn't it be "iptables -A INPUT -s 192.168.0.44 -j DROP"?
Your incoming packets destined to your computer are checked against the rules in the INPUT chain. But the FORWARD chain is for packets that come to your computer but are not destined to your computer, i.e. willing to be forwarded. For example, in a gateway computer, the FORWARD chain can be used to control incoming/outgoing traffic. And yes, it should be the INPUT chain in the example mardanian gave. Packets that are related to forwarding go _only_ through the FORWARD chain, not both the FORWARD and INPUT chains.
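Added example, not part of the original thread: a small Python model of the routing decision described above, showing why the FORWARD rule from the question never sees a ping addressed to 192.168.0.12 while the INPUT rule does. The default ACCEPT policies, the arrival interface eth0 and the forwarded destination 10.0.0.5 are constructed assumptions, and only the `-A`, `-i`, `-s` and `-j` options used in the thread are modelled.

```python
import ipaddress
import shlex

LOCAL_ADDRS = {"192.168.0.12"}   # address of the filtering host in the thread
POLICY = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT"}   # assumed default chain policies

def parse_rule(cmd):
    """Parse the subset of iptables syntax used in the thread: -A, -i, -s, -j."""
    tok = shlex.split(cmd)
    opts = dict(zip(tok[1::2], tok[2::2]))   # option/value pairs after "iptables"
    return {"chain": opts["-A"],
            "iface": opts.get("-i"),         # None means "any interface"
            "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
            "target": opts["-j"]}

def chain_for(dst):
    """Routing decision: packets addressed to this host traverse INPUT, all others FORWARD."""
    return "INPUT" if dst in LOCAL_ADDRS else "FORWARD"

def verdict(rule_cmds, src, dst, in_iface="eth0"):
    """Return (chain, target): first matching rule in the traversed chain, else its policy."""
    chain = chain_for(dst)
    for rule in map(parse_rule, rule_cmds):
        if (rule["chain"] == chain
                and rule["iface"] in (None, in_iface)
                and ipaddress.ip_address(src) in rule["src"]):
            return chain, rule["target"]
    return chain, POLICY[chain]

# Rule from the original question and the rule suggested in the replies.
ORIGINAL = ["iptables -A FORWARD -i ethx -s 192.168.0.44 -j REJECT"]
FIXED = ["iptables -A INPUT -s 192.168.0.44 -j DROP"]

if __name__ == "__main__":
    # Ping from .44 to the host itself: traverses INPUT, so the FORWARD rule is never consulted.
    print(verdict(ORIGINAL, "192.168.0.44", "192.168.0.12"))
    # Same ping with the INPUT rule in place.
    print(verdict(FIXED, "192.168.0.44", "192.168.0.12"))
    # Traffic routed through the host (constructed destination): the INPUT rule does not apply.
    print(verdict(FIXED, "192.168.0.44", "10.0.0.5"))
```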
Originally posted by blackzone
I was hoping there is an iptables tutorial for dummies.
What does it mean by masquerade, ip conntrack, mangle packet, TOS?
I also saw PREROUTING and POSTROUTING chains, can those be viewed? When I type iptables -L I only saw 3.
Masquerading is letting the internal network computers access the Internet via a gateway that has a dynamic IP address. When an internal computer requests some data from the Internet, the gateway changes the source address and makes the request as if it's coming from itself, and does the reverse when the reply comes back.
conntrack is an iptables module that is used for doing connection tracking. Connection tracking is tracking the connection that a packet is coming in for or going out on. For example, you can block all SSH traffic, or block SSH traffic that doesn't belong to an already established connection. The latter can be done by conntrack.
Packet mangling is a general term and means altering packet data. For example, when doing source NAT and destination NAT we alter the packets' headers.