Quote:
Originally Posted by SBN
Hey guys, on a Linux box I have 2 interfaces. When using the INPUT, FORWARD, and OUTPUT chains, do you have to specify the interfaces where packets come and go?
Sometimes you'll want to specify that a rule only applies to packets coming into a certain interface. Other times you won't. For example, say I have a box with two interfaces, one for the LAN (let's say it's eth0) and one for the WAN (let's say it's eth1). I want to allow connections into my SSH daemon. I could do a:
Code:
iptables -A INPUT -p TCP --dport 22 -j ACCEPT
That would work, but it would allow people on both my LAN and WAN networks to connect. If I only want people on my LAN to connect, I need to specify the LAN interface:
Code:
iptables -A INPUT -p TCP -i eth0 --dport 22 -j ACCEPT
Now any packets which hit the WAN interface won't match this rule, and hence won't be sent to ACCEPT by it.
Quote:
I can't find anything saying what interfaces packets should go to when they're going to leave the firewall.
This is specified in your IP routing table. You can look at it with this command: