[SOLVED] [FIREWALL] confused about setting up a specific rule using iptables
Hey there!!
I'd like some help regarding this issue.
This is my scenario:
My firewall, which is an Ubuntu server 10.10, has 3 interfaces:
eth0 (192.168.0.254): linked to the DMZ
eth1 (192.168.1.254): linked to the LAN
eth3 (212.217.0.1): linked to the Internet
- The DMZ has one web server with a static address (192.168.0.1).
- My LAN address range is (192.168.1.2-192.168.1.100), managed by a DHCP server on the same firewall machine.
These are some of the rules that I need to set up:
- Allow HTTP between the LAN and the Internet
- Allow HTTP between the web server in the DMZ and the Internet.
So my question is:
Is there a way to tell the firewall to redirect all incoming HTTP requests only to the web server in the DMZ?
Thanks.
Last edited by cryptoboss; 04-14-2011 at 09:20 AM.
Thanks a lot, buddy, I'm seeing light now with your reply.
I believe that the proper way to learn how to set up a firewall with iptables is to read the iptables manual, but I'm getting confused by some points in the manual, like:
" match = -m matchname [per-match-options] ". What does that really mean? In other words, I usually find this expression in some rules: " -m state --state NEW,RELATED,ESTABLISHED ". Can someone explain what that is for?
Thanks in advance.
Last edited by cryptoboss; 04-05-2011 at 10:16 AM.
I'm getting confused by some points in the manual, like:
" match = -m matchname [per-match-options] ". What does that really mean? In other words, I usually find this expression in some rules: " -m state --state NEW,RELATED,ESTABLISHED ". Can someone explain what that is for?
That just says to use the state module to match packets in state NEW, RELATED, or ESTABLISHED. If a packet isn't in any of those states (for example, it's in state INVALID), it won't match the rule and will continue traversing whichever chain the rule was in.
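An added example, not posted by anyone in this thread: the state match described above applied to the original poster's three-interface layout, with the DNAT rule that sends incoming HTTP only to the DMZ web server. Assumptions: the LAN is 192.168.1.0/24, the chains start empty, IP forwarding is enabled, and `ipt` and `forward_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added illustration; addresses and interfaces are taken from the first post.
# Assumptions: LAN is 192.168.1.0/24, chains start empty, ip_forward is on.
WAN_IF=eth3; WAN_IP=212.217.0.1
LAN_IF=eth1; LAN_NET=192.168.1.0/24      # assumed netmask
DMZ_IF=eth0; WEB=192.168.0.1

# ipt (hypothetical helper): prints the command unless DRY_RUN=0 (run as root).
ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf 'iptables %s\n' "$*"
    else iptables "$@"; fi
}

forward_rules() {
    # Anything no rule accepts is dropped. INVALID packets match none of the
    # state lists below, so they traverse the whole chain and hit this policy.
    ipt -P FORWARD DROP

    # Replies and related traffic for connections a NEW rule already admitted.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # LAN -> Internet HTTP: only the LAN side may open (NEW) connections.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$WAN_IP"

    # Internet -> DMZ web server: rewrite the destination before routing,
    # then admit only NEW HTTP connections addressed to that one host.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "${WEB}:80"
    ipt -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$WEB" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT
}

forward_rules
```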