LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   iptables for eth0 and eth1 (https://www.linuxquestions.org/questions/linux-security-4/iptables-for-eth0-and-eth1-4175692248/)

dolphs 03-18-2021 09:52 AM

iptables for eth0 and eth1

Hi,

Setting up my hardware, which has two ports (eth0 and eth1):
eth0 is for inbound traffic, eth1 for outbound.

Yet I do reach the Internet (through eth1) but do not reach local IPs (192.168.x.y).
What am I missing here? I want to use at least DNS and ping through eth1 to local addresses, but preferably all outgoing (also Internet) traffic is allowed.


# Delete all existing iptables rules
iptables -F

# Set default chain policies to DROP all
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Allow all outbound traffic eth1 - including internet
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT

# Allow incoming SSH traffic solely on eth0
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

Adding these does not seem to work:
iptables -A INPUT -i eth1 -p udp --sport 53 -j ACCEPT
iptables -A INPUT -i eth1 -p icmp --icmp-type echo-reply -j ACCEPT

Is it needed to add:
iptables -A OUTPUT -o eth1 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -o eth1 -p udp --dport 53 -j ACCEPT

If I leave out the eth1 switches it works, but all outgoing traffic should go through eth1 only.

Anyone, please?
TiA!
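Added illustration, not part of the thread or of the poster's setup: a small Python model of how iptables walks the INPUT and OUTPUT chains (first matching rule wins, otherwise the chain's policy applies), loaded with the rules quoted in the post above. The one assumption it makes explicit is that the interface a locally generated packet leaves on is chosen by the routing table, not by iptables: if the 192.168.x.y hosts are routed via eth0 (an assumption here; `ip route get 192.168.x.y` shows the real answer), a `-o eth1` ACCEPT never sees those packets and the OUTPUT DROP policy applies, so adding more `-o eth1` or `-i eth1` rules changes nothing. The packets and rule objects below are constructed for the example.

```python
# Added example: toy model of iptables chain evaluation, loaded with the
# ruleset from the post. Not the kernel's code; constructed for illustration.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    chain: str            # "INPUT" or "OUTPUT"
    iface: str            # -i for INPUT, -o for OUTPUT; chosen by routing, not iptables
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    icmp_type: str = ""
    state: str = "NEW"    # conntrack state: NEW, ESTABLISHED or RELATED


@dataclass(frozen=True)
class Rule:
    chain: str
    target: str
    iface: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[str] = None
    states: Optional[FrozenSet[str]] = None   # None means no "-m state" match

    def matches(self, p: Packet) -> bool:
        """Every specified match must hold; unspecified fields match anything."""
        return (self.chain == p.chain
                and (self.iface is None or self.iface == p.iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type)
                and (self.states is None or p.state in self.states))


def evaluate(rules: List[Rule], policies: Dict[str, str], p: Packet) -> Tuple[str, str]:
    """Walk the packet's chain in order; return (verdict, reason).

    reason is "<CHAIN> rule N" (1-based, counted within that chain) or "policy".
    """
    chain_rules = [r for r in rules if r.chain == p.chain]
    for n, r in enumerate(chain_rules, start=1):
        if r.matches(p):
            return r.target, f"{p.chain} rule {n}"
    return policies[p.chain], "policy"


POLICIES = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "DROP"}

# The four rules from the post, in the order they are appended.
POSTED_RULES = [
    Rule("INPUT", "ACCEPT", iface="eth1", states=frozenset({"ESTABLISHED", "RELATED"})),
    Rule("OUTPUT", "ACCEPT", iface="eth1"),
    Rule("INPUT", "ACCEPT", iface="eth0", proto="tcp", dport=22,
         states=frozenset({"NEW", "ESTABLISHED"})),
    Rule("OUTPUT", "ACCEPT", iface="eth0", proto="tcp", sport=22,
         states=frozenset({"ESTABLISHED"})),
]

# The extra rules the poster tried or asked about.
EXTRA_INPUT_RULES = [
    Rule("INPUT", "ACCEPT", iface="eth1", proto="udp", sport=53),
    Rule("INPUT", "ACCEPT", iface="eth1", proto="icmp", icmp_type="echo-reply"),
]
EXTRA_OUTPUT_RULES = [
    Rule("OUTPUT", "ACCEPT", iface="eth1", proto="icmp", icmp_type="echo-reply"),
    Rule("OUTPUT", "ACCEPT", iface="eth1", proto="udp", dport=53),
]


def dns_query(out_iface: str) -> Packet:
    """A locally generated DNS query leaving on out_iface (constructed sample)."""
    return Packet("OUTPUT", out_iface, "udp", sport=40000, dport=53, state="NEW")


def dns_reply(in_iface: str) -> Packet:
    """The answer to dns_query arriving on in_iface; conntrack marks it ESTABLISHED."""
    return Packet("INPUT", in_iface, "udp", sport=53, dport=40000, state="ESTABLISHED")


def ping_reply(in_iface: str) -> Packet:
    """Echo reply to a locally sent echo request; conntrack tracks ICMP echo too."""
    return Packet("INPUT", in_iface, "icmp", icmp_type="echo-reply", state="ESTABLISHED")


if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES),
                         ("posted + extra", POSTED_RULES + EXTRA_INPUT_RULES + EXTRA_OUTPUT_RULES)):
        for name, pkt in (("DNS query via eth1", dns_query("eth1")),
                          ("DNS query via eth0", dns_query("eth0")),
                          ("DNS reply on eth1", dns_reply("eth1")),
                          ("ping reply on eth0", ping_reply("eth0"))):
            print(f"{label:15} {name:20} -> {evaluate(rules, POLICIES, pkt)}")
```

The model shows two things a practitioner would check before touching the rules: replies that come back on eth1 are already accepted by the first INPUT rule, so the two `-i eth1` additions are redundant rather than wrong, and any packet the routing table sends out eth0 is dropped by the OUTPUT policy no matter how many `-o eth1` rules follow. On a real box `ip route get <ip>` answers the routing question and `iptables -vnL` shows which rule or policy counter is increasing.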

Emerson 03-18-2021 11:25 AM

What do incoming and outgoing mean for you? All TCP traffic is bidirectional; you cannot close one direction.
