Thursday, March 11, 2010

Iptables in Linux
--------------------


Blocking specific port through iptables
------------------------------------------
(192.168.1.102 is the outside PC, 192.168.1.114 is the PC on which iptables is configured)
#iptables -A INPUT -p tcp -s 192.168.1.102 -d 192.168.1.114 --dport 80 -j DROP



Blocking ICMP
--------------
#iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

OR (the rule below stops this host from sending pings instead of answering them; type 8 is the numeric form of echo-request)

#iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP


Saving the rules
-------------------
service iptables save
service iptables restart
chkconfig iptables on

vim /etc/sysconfig/iptables (the file the saved rules are written to)

iptables -L (list the rules)
iptables -F (flush the rules)

NAT configure
-----------------------

1> echo 1 > /proc/sys/net/ipv4/ip_forward
2> In /etc/sysctl.conf change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1 so that forwarding stays on after a reboot.
3>
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT



internal network eth1
external network eth0
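The three NAT steps above collected into one script, as an added example that is not part of the original post. It assumes the same layout (external eth0, internal eth1) and an iptables that supports -C/--check; the point it adds is that a plain re-run of the commands above appends the same rules a second time, so each rule is checked before it is appended.

```shell
#!/bin/sh
# Added example (not from the post): the three NAT steps as one
# idempotent script. Assumes the post's layout, WAN on eth0 and LAN on
# eth1, and an iptables with -C/--check (1.4.11 or later).
set -eu

IPT="${IPT:-iptables}"    # iptables binary; override for testing
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Append a rule only if an identical one is not already loaded, so running
# the script twice (or at every boot) does not stack duplicate rules.
# usage: ensure_rule [-t TABLE] CHAIN RULE-SPEC...
ensure_rule() {
    t=""
    if [ "$1" = "-t" ]; then t="-t $2"; shift 2; fi
    chain=$1; shift
    if [ "$DRY_RUN" != 1 ] && $IPT $t -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    run $IPT $t -A "$chain" "$@"
}

# Steps 1 and 2: turn forwarding on now and persist it in sysctl.conf.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    if grep -qs '^net.ipv4.ip_forward' "$SYSCTL_CONF"; then
        run sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' "$SYSCTL_CONF"
    else
        run sh -c "echo 'net.ipv4.ip_forward = 1' >> '$SYSCTL_CONF'"
    fi
}

# Step 3: masquerade outbound traffic and forward only replies back in.
setup_nat() {
    wan=$1; lan=$2
    enable_forwarding
    ensure_rule -t nat POSTROUTING -o "$wan" -j MASQUERADE
    ensure_rule FORWARD -i "$wan" -o "$lan" -m state --state RELATED,ESTABLISHED -j ACCEPT
    ensure_rule FORWARD -i "$lan" -o "$wan" -j ACCEPT
}

# Run as: sh nat.sh apply eth0 eth1   (set DRY_RUN=1 to preview first)
if [ "${1:-}" = "apply" ]; then
    setup_nat "${2:-eth0}" "${3:-eth1}"
fi
```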
