Should i use the eth0 ip address of my internet ip address when applying iptables

ForumKid · 01-02-2002, 06:12 AM

#Drop traceroute packets
iptables -A INPUT -s 0/0 -d 192.168.2.2 -p udp --dport 33435:33525 -j DROP

192.168.2.2 is the ip address of my machine.
Is the above statement correct or should i be using my internet ip that points to this machine. For example if you go to 65.125.111.33, you would be redirected to my machine 192.168.2.2.

Am I making sense?

Thank you.:smash:

Mik · 01-03-2002, 05:42 AM

Depends what kind of traffic you want to block that rule says you block things with destination ip 192.etc... People accessing your machine from the outside will refer to it using the 65.etc.. ip so that rule will never block those packets. So in this case I'm assuming you want to block those ports for outside traffic so you will have to use the other ip address.

raz · 01-03-2002, 08:54 AM

The correct entry would be:

iptables -A INPUT -p udp -i eth0 -s 0/0 -d 0/0 --dport 33434:33600 -j LOG --log-level info --log-prefix "** TRACEROUTED **"
iptables -A INPUT -p udp -i eth0 -s 0/0 -d 0/0 --dport 33434:33600 -j DROP

eth0 is your external address.
Always stop packets with the device and ip as ip addresses can be faked.

/raz