LinuxQuestions.org
Old 06-18-2015, 10:48 AM   #1
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,539

Rep: Reputation: 177Reputation: 177
Can I consolidate iptables rules


I have the iptables rules shown below. First question: can I consolidate them, such as:

Code:
iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL1 -p tcp -m multiport --dports 21,5090,5003,6001,6002 -j DNAT --to-destination $SAMSUNG
Can I use the multiport option here? Will it route properly if I don't specify the port on the --to-destination? I can't really test this as the software on the Samsung must be accessed via phone service provider proprietary software, so I'd like to get some expert opinion before I have them try it.

Current iptables rules:
Code:
    # Route 1st Keytel IP accesses to configured ports to the Samsung
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL1 -p tcp --dport 21 -j DNAT --to-destination $SAMSUNG:21
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL1 -p tcp --dport 5090 -j DNAT --to-destination $SAMSUNG:5090
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL1 -p tcp --dport 5003 -j DNAT --to-destination $SAMSUNG:5003
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL1 -p tcp --dport 6001 -j DNAT --to-destination $SAMSUNG:6001
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL1 -p tcp --dport 6002 -j DNAT --to-destination $SAMSUNG:6002

    # Route 2nd Keytel IP accesses to configured ports to the Samsung
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL2 -p tcp --dport 21 -j DNAT --to-destination $SAMSUNG:21
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL2 -p tcp --dport 5090 -j DNAT --to-destination $SAMSUNG:5090
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL2 -p tcp --dport 5003 -j DNAT --to-destination $SAMSUNG:5003
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL2 -p tcp --dport 6001 -j DNAT --to-destination $SAMSUNG:6001
    iptables -t nat -A PREROUTING -i eth0 -s $KEYTEL2 -p tcp --dport 6002 -j DNAT --to-destination $SAMSUNG:6002
 
Old 06-18-2015, 12:17 PM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
Yes. I see nothing that would prevent this rule from working.
 
Old 06-22-2015, 01:40 PM   #3
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,539

Original Poster
Rep: Reputation: 177Reputation: 177
Yup, seems to work OK!
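
The consolidation discussed in this thread, written out as an added example that is not part of the original posts: it prints (dry run, nothing is applied) one multiport DNAT rule per allowed source, relying on the documented DNAT behaviour that the destination port is left unchanged when `--to-destination` carries no port. The addresses are constructed placeholders for `$KEYTEL1`, `$KEYTEL2` and `$SAMSUNG`, and the helper names `count_ports` and `dnat_rules` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed
# documentation-range placeholders; override them from the environment.
KEYTEL1=${KEYTEL1:-198.51.100.10}
KEYTEL2=${KEYTEL2:-198.51.100.11}
SAMSUNG=${SAMSUNG:-192.168.0.50}
PORTS=${PORTS:-21,5090,5003,6001,6002}

# The multiport match takes at most 15 ports per rule, and a range
# written as first:last counts as two of them.
count_ports() {
    n=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        case $p in
            *:*) n=$((n + 2)) ;;
            *)   n=$((n + 1)) ;;
        esac
    done
    IFS=$old_ifs
    echo "$n"
}

# Usage: dnat_rules DEST PORTS SOURCE...
# Prints one rule per source address. The -s match is kept so only the
# listed sources are forwarded. No port is given on --to-destination,
# so each connection keeps the destination port it arrived on.
dnat_rules() {
    dest=$1; ports=$2; shift 2
    if [ "$(count_ports "$ports")" -gt 15 ]; then
        echo "more than 15 ports: split into several rules" >&2
        return 1
    fi
    for src in "$@"; do
        echo "iptables -t nat -A PREROUTING -i eth0 -s $src -p tcp" \
             "-m multiport --dports $ports -j DNAT --to-destination $dest"
    done
}

# Ten single-port rules become two.
dnat_rules "$SAMSUNG" "$PORTS" "$KEYTEL1" "$KEYTEL2"
```

After loading the printed rules, `iptables -t nat -L PREROUTING -n -v` shows per-rule packet counters, which confirms that traffic from each source is matching the consolidated rule.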
 