LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-30-2005, 06:06 AM   #1
farhan
Member
 
Registered: Feb 2003
Distribution: xNIX
Posts: 121

Rep: Reputation: 15
complex iptable rule help


Hi
wt i want to do is just simple setup. I will be very
thankful for the help

firewall/Gateway
lan0---eth0-192.168.1.253/30--eth1-10.0.0.253/30-----Lan1

I want one to write the iptable rule for forwarding of
TCP traffic from Lan0 to lan1 on the server
10.0.0.254/30 port www, telnet, ssh, ftp 21,22 during
the office timeings 9 am to 5pm with syn bit set or
stateful option New, Established, Related and log the
packet field informations as well.
 
Old 08-30-2005, 11:41 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I think this is what you're trying to do:
Code:
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.1.253/30 -d 10.0.0.253/30 -p tcp -m multiport --dports 80,23,22,21,20 -m time --timestart 09:00 --timestop 17:00 -m state NEW,ESTABLISHED,RELATED -j LOG --log-tcp-options

iptables -A FORWARD -i eth0 -o eth1 -s 192.168.1.253/30 -d 10.0.0.253/30 -p tcp -m multiport --dports 80,23,22,21,20 -m time --timestart 09:00 --timestop 17:00 -m state NEW,ESTABLISHED,RELATED -j ACCEPT
Logging every single packet during business hours is probably a bad idea as your logs will be massive if you have alot of traffic on your network. You may need to recompile the kernel to support the time module if it's not included with your distro. If that's the case, you'll get an error about not being able to find ipt_time.
 
Old 08-31-2005, 10:58 PM   #3
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
there is another way to change the rules from time to time.
create two rules files.
use crontab to switch between them.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptable rule for rmi bijuhpd Linux - Newbie 2 04-27-2005 01:42 AM
gsl_complex vs <complex> darknails Programming 0 02-27-2005 11:24 AM
complex question help needed ropeboardCEO Linux - Newbie 4 12-25-2004 01:02 AM
Help me write iptable rule to LOG gpagedar Linux - Security 1 10-01-2003 07:47 AM
Port forwarding - Complex hoondie Linux - Networking 2 09-17-2003 08:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration