Iptables question about peer-to-peer rules

Pedro Macedo webmaster at margo.bijoux.nom.br
Mon Apr 4 17:36:58 UTC 2005


On Mon, 2005-04-04 at 19:23 +0200, Mark Nixon wrote:
> Darn, it's hard to formulate an appropriate subject sometimes.
> 
> I have a little peer-to-peer network. I have an ADSL modem and a switch,
> to which I have 4 computers connected,
> 
> As far as I have been able to suss out, my ADSL modem or my switch is
> assigning the 10.0.* addresses.
> 
> I have only one printer, attached to my Linux computer. At the moment,
> this is the most logical for my configuration.
> 
> I have one computer running Win Me, another running Win XP, a third
> running Linux Core 3, and occasionally my laptop running Win XP.
> 
> If there's any other info required, let me know.
> 
> Up to now, I've been able to use my Linux machine as a print server by
> sending the command (as root) iptables -F.
> 
> I know this is stupid.
> 
> Of course, I want the other computers on my LAN to be able to see, and
> use, my share files *every* time.
> 
> Which, of course, means that iptables rules should be read in at boot
> time.
> 
> From what I've been able to suss out from man iptables, Googling and
> reading "Red Hat Fedora Linux 3 Bible" I should do the following:
> 
> stop iptables "/etc/init.d/iptables stop"
> 
> from the command line "iptables -A INPUT -p ALL -i eth0 -s 10.0.0.0/6
> accept"
> 
> then I should write "service iptables save"
> 
> and then reboot?
> 
> This seems a little weird, as 10.0.0.1 is my gateway to the internet.
> 
> Shouldn't it be "10.0.0.2/6 accept"?
> 
Nope.. It's 10.0.0.0/6 accept .... Look on Google for some information
about CIDR notation and netmasks...
In fact, I'd prefer to do something more controlled.. Something like
10.0.0.0/24 accept.. This means that only machines with IPs in the range
10.0.0.1 - 10.0.0.254 can access your machine...


> My Linux computer is *not* the Internet gateway, as European energy
> costs rule out (for us, anyway) having my Linux computer always running.
> Each computer on my LAN should be able to access the Internet
> independently.
> 
Let me see if I understood correctly... Your modem is connected to a
cable/dsl router, right? (like this: 
modem --> router = all the machines )

If it is, then you shouldn't need to have your computer always turned on
to access the internet.. You would have to turn it on just to print,
since the printer is connected to your computer...

That iptables rule should do the trick of allowing anyone to print to
your printer, as long as cups (the print server) is properly configured
already..

--
Pedro Macedo
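
The CIDR arithmetic behind the prefixes discussed in this thread, as an added example that is not part of the original messages. It uses Python's standard `ipaddress` module to show which addresses `/6` and `/24` cover; `accept_rule` is a hypothetical helper, and the `-j ACCEPT` rule form it prints is an assumption, not a command taken from the thread.

```python
import ipaddress

# RFC 1918 private ranges; anything outside them is publicly routable space.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def normalise(spec):
    """Return the network a prefix denotes once its host bits are masked off.

    A /6 keeps only the top six bits of the first octet, so 10.x.x.x/6
    and 10.0.0.2/6 both denote the same block.
    """
    return ipaddress.ip_network(spec, strict=False)

def span(spec):
    """(first address, last address, address count) of the matched block."""
    net = normalise(spec)
    return str(net[0]), str(net[-1]), net.num_addresses

def wholly_private(spec):
    """True only if every matched address lies inside one RFC 1918 range."""
    net = normalise(spec)
    return any(net.subnet_of(p) for p in PRIVATE)

def accept_rule(spec, iface="eth0"):
    """Build an INPUT accept rule, refusing sources that reach public space."""
    if not wholly_private(spec):
        first, last, _ = span(spec)
        raise ValueError(f"{spec} matches {first}-{last}, beyond the LAN")
    return f"iptables -A INPUT -i {iface} -s {normalise(spec)} -j ACCEPT"

if __name__ == "__main__":
    # Prefixes as written in the thread.
    for spec in ("10.0.0.0/6", "10.0.0.2/6", "10.0.0.0/24"):
        first, last, count = span(spec)
        print(f"{spec:12} -> {normalise(spec)!s:12} {first} - {last} "
              f"({count} addresses, private only: {wholly_private(spec)})")
    print(accept_rule("10.0.0.0/24"))
```
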