Hi Steve,

It would be better to block at your router but I am presuming the router is without a firewall.

# Accept the LAN and mybox first; the last rule drops every other source
iptables -A INPUT -p tcp --dport 80 -s 10.0.0.0/255.0.0.0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 111.111.111.111 -j ACCEPT  # mybox
iptables -A INPUT -p tcp --dport 80 -j DROP

That should do the job. The second rule is going to be a lot more of a hassle if you are allocated a dynamic IP by your dial-up ISP. In fact I can't think of a way around that unless you set up https or authentication.

Luke

Quoting Steve Marvell <steve@xxxxxxxxxxxxxx>:

> Imagine, if you will, a networking situation thus:
>
> mybox (111.111.111.111)
>
> dialup
>
> demon internet
>
> (the internet)
>
> broadband provider
>
> router [external] (222.222.222.222)
> router [internal] (10.0.0.1)
>
> lan
>
> server (10.0.0.10)
>
>
> In order that mybox can http to server, router port forwards 80 to
> server. Since it's only mybox that is supposed to access this port
> from the internet, and all things on the lan should be able to too, I
> have iptables on server.
>
> Given the port forwarding situation, I'm not sure what I'm doing with
> iptables. Can someone give me the iptables options which say:
>
> allow lan to access port 80 as a direct connection
> allow mybox to access port 80 port forwarded from router
> deny all other port 80 access port forwarded from router
>
> Cheers
>
> Steve
>
> --
> The Mailing List for the Devon & Cornwall LUG
> Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
> message body to unsubscribe.
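The three requirements in the quoted message can be checked against a rule list before it is loaded. This is an added example, not code from either poster: a small Python model of iptables first-match evaluation that compares an accept-then-drop list with a list built from two negated-source DROP rules. The rule-list names and the sample source addresses are constructed, and the model assumes the router's port forward preserves the original source address.

```python
import ipaddress

LAN = ipaddress.ip_network("10.0.0.0/8")            # 10.0.0.0/255.0.0.0 from the thread
MYBOX = ipaddress.ip_network("111.111.111.111/32")  # mybox address from the thread

# A rule is (source network, negate match?, target). Model only: every rule is
# assumed to already match "-p tcp --dport 80" on the server's INPUT chain.
ACCEPT_THEN_DROP = [
    (LAN, False, "ACCEPT"),
    (MYBOX, False, "ACCEPT"),
    (ipaddress.ip_network("0.0.0.0/0"), False, "DROP"),
]
NEGATED_DROPS = [
    (LAN, True, "DROP"),    # drop if the source is NOT in the LAN
    (MYBOX, True, "DROP"),  # drop if the source is NOT mybox
]

def verdict(rules, src, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    addr = ipaddress.ip_address(src)
    for net, negate, target in rules:
        if (addr in net) != negate:  # negate flips the source match
            return target
    return policy

def audit(rules, sources):
    """Map each named source to the verdict the rule list gives it."""
    return {name: verdict(rules, ip) for name, ip in sources.items()}

# Constructed sample sources: a LAN host, mybox, and an unrelated internet host.
SOURCES = {"lan": "10.0.0.23", "mybox": "111.111.111.111", "other": "198.51.100.7"}

if __name__ == "__main__":
    for label, rules in (("accept-then-drop", ACCEPT_THEN_DROP),
                         ("negated drops", NEGATED_DROPS)):
        print(label, audit(rules, SOURCES))
```

Two negated DROP rules in sequence drop any source that fails either test, so no address gets through; the accept-then-drop order is what yields "LAN or mybox".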