ok I know there are a million IPTABLES threads, but.... see inside
Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I don't want to use MASQUERADING; I just want to allow/forward specific services through.
Still can't figure it out. Anyone?
Do me a favour please.
Add some logging, then let's start testing the rules a bit. I'm a bit muddled as to where you are up to on this.
So please do this.
Code:
# create a user-defined chain that logs, then drops
iptables -N LOG_DROP
# log at debug level (7) with a recognisable prefix so you can grep for it
iptables -A LOG_DROP -j LOG --log-prefix "dropped packet" --log-level 7
iptables -A LOG_DROP -j DROP
Then, at the end of INPUT, OUTPUT, FORWARD and any other chain, add the LOG_DROP rule.
That is, anything that isn't allowed through the firewall is logged and dropped.
Now, tail -f /var/log/yourfirewalllog whilst testing the rules.
You should see which packets are being blocked and can then allow them in the appropriate rule. If you have trouble with this, please post relevant logs.
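As an added example (not code from the thread), the LOG_DROP procedure above as two shell helpers: one that prints the iptables commands for review before they are applied, and one that turns the resulting kernel log lines into a count per chain, protocol and destination port, which is what tells you which ACCEPT rule is missing. The chain is inferred from the IN=/OUT= fields the LOG target writes; the sample log lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread.
#   log_drop_rules CHAIN...  prints (does not run) the commands that build
#       LOG_DROP and jump to it from the end of each named chain; review,
#       then apply as root with: log_drop_rules INPUT FORWARD OUTPUT | sh
#   summarize_drops          reads LOG lines on stdin, prints a count per
#       (chain, protocol, dport). Chain is inferred from IN=/OUT=: only IN
#       set -> INPUT, only OUT set -> OUTPUT, both set -> FORWARD.

log_drop_rules() {
    # -N fails if the chain already exists; flush it instead so reruns are safe
    echo 'iptables -N LOG_DROP 2>/dev/null || iptables -F LOG_DROP'
    # trailing space in the prefix keeps "packet" from running into "IN="
    echo 'iptables -A LOG_DROP -j LOG --log-prefix "dropped packet " --log-level 7'
    echo 'iptables -A LOG_DROP -j DROP'
    for chain in "$@"; do
        # appended with -A, so it must stay the last rule of the chain
        echo "iptables -A $chain -j LOG_DROP"
    done
}

summarize_drops() {
    awk '
    # value of a KEY= field anywhere on the line ("" if absent or empty)
    function val(k) {
        if (match($0, k "[^ ]*")) return substr($0, RSTART + length(k), RLENGTH - length(k))
        return ""
    }
    /dropped packet/ {
        inif = val("IN="); outif = val("OUT=")
        chain = (inif != "" && outif != "") ? "FORWARD" : (inif != "" ? "INPUT" : "OUTPUT")
        n[chain " " val("PROTO=") " dpt=" val("DPT=")]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample lines in the LOG target format; the first shows the
# prefix without a trailing space, as the rule in the reply would write it.
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 fw kernel: dropped packetIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=54 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 SYN URGP=0
Jan 10 12:00:02 fw kernel: dropped packet IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=10.0.0.20 LEN=60 TTL=53 PROTO=TCP SPT=51235 DPT=80 SYN URGP=0
Jan 10 12:00:03 fw kernel: dropped packet IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=10.0.0.20 LEN=60 TTL=51 PROTO=TCP SPT=40122 DPT=80 SYN URGP=0
Jan 10 12:00:04 fw kernel: dropped packet IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=73 TTL=64 PROTO=UDP SPT=40000 DPT=53 LEN=53
EOF
}

sample_log | summarize_drops
```

On a live box, replace `sample_log` with `grep 'dropped packet' /var/log/yourfirewalllog` (or the journal) to get the same summary of what the firewall is actually dropping.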
Have you got this working yet?
There is another way,
bit simpler too...
There is a tool called rinetd. It might be a bit old, but it still works.
It is downloadable as a daemon or a Perl script.