my actual iptables inquiry
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Sat Feb 21 01:16:39 UTC 2004
On Fri, 20.02.2004 at 20:04, Ricardo A. Vetrovec wrote:
> -A FORWARD -s $NET -p tcp --dport 80 -j ACCEPT
> -A FORWARD -d $NET -p tcp --sport 80 -j ACCEPT
>
> these two mean: accept packets to the internet if the source is my net
> (example 192.168.0.0/16) and destination port 80 ACCEPT
> accept packages to my network if the source port is 80 (remote server
> is going to transmit by 80)
>
> email:
>
> port 110 pop, i don't remember imap
IMAP is port 143, but you can use the service name for the ports as well
in the rule.
> same rules, change the port
>
> if the mail is webmail you don't need to open ports
>
> media, well, you have to go to windows media player faq, realaudio faq,
> etc because i don't remember right now
>
> then for the last RULE
>
> -A FORWARD -s $NET -j DROP
>
> that means: deny any package for my net
>
> of course iptables is going to read rule by rule until the package
> matches one, the general drop is used to drop any other ports
>
> If you want to drop messenger you have to install squid because when
> messenger does not have a connection through its original port it uses 80.
>
> Greetings
>
> Rick
Maybe I missed something, but where did the OP say that he runs the
firewalling box with iptables as a router? My impression is that he
directly connects to the internet. So creating FORWARD rules is wrong.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 02:13:43 up 1 day, 3:47, load average: 0.08, 0.10, 0.08
[ Γνωθι σ'αυτον - gnothi seauton ]
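
Added example, not part of the original messages: the same web and mail allowances written for both cases discussed above. On a directly connected host the rules belong in OUTPUT/INPUT; FORWARD is only traversed when the box routes for another network. The function name emit_rules, the PORTS variable, the DNS rules and the default-DROP policies are assumptions of this sketch.

```sh
#!/bin/sh
# Added example. emit_rules and PORTS are names made up for this sketch.
#   emit_rules host           box is itself the client (no routing)
#   emit_rules router NET     box forwards for NET, e.g. 192.168.0.0/16
# Output is iptables-restore format; syntax-check it with:
#   emit_rules host | iptables-restore -t
PORTS="80 110 143"    # http, pop3, imap: the services named in the thread

emit_rules() {
    mode=$1
    net=$2
    case $mode in
        host)
            # Locally generated traffic never enters FORWARD.
            chain_out=OUTPUT; chain_in=INPUT; src="" ;;
        router)
            if [ -z "$net" ]; then
                echo "router mode needs NET" >&2; return 2
            fi
            # Routed traffic never enters INPUT or OUTPUT.
            chain_out=FORWARD; chain_in=FORWARD; src="-s $net " ;;
        *)
            echo "usage: emit_rules host|router [NET]" >&2; return 2 ;;
    esac
    echo "*filter"
    # Default DROP policies take the place of a trailing catch-all DROP rule.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Replies to connections opened by the rules below (instead of --sport rules).
    echo "-A $chain_in -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Name lookups; without them the port rules are of little use.
    for proto in udp tcp; do
        echo "-A $chain_out ${src}-p $proto --dport 53 -j ACCEPT"
    done
    # --dport is only valid together with -p tcp or -p udp.
    for port in $PORTS; do
        echo "-A $chain_out ${src}-p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}
```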