[plug] Iptables Help - UDP

Russell Steicke r.steicke at bom.gov.au
Fri Feb 4 17:40:59 WST 2005


On Fri, Feb 04, 2005 at 04:02:05PM +0800, Timothy White wrote:
...
> As I'm fairly new to iptables I'm guessing that I need an INPUT rule on
> both ppp0 and eth0 on the appropriate ports and protocols (and address.)
> Then a FORWARD rule from ppp0 to eth0 (then laptop ip) for incoming and
> another FORWARD the other way round with the VPN ip?

No, this is what Cameron was referring to.  Packets destined for the
local host go through INPUT.  Packets originating from the local host
go through OUTPUT.  Packets being forwarded by this host acting as a
router go through FORWARD.  Packets only go through one of these
chains in the filter table.  And in this case, also the POSTROUTING
chain of the nat table, because you're using "-j MASQUERADE" for
forwarded packets.


> Would this be correct? (Anyone want to try and write the rules (dummy
> IPs are fine) so I can see what is happening?)

First pass at a rule:

  iptables -A FORWARD -i eth0 -d a.l.c.oa -p udp --dport 500 -j ACCEPT

I _think_ you won't need a rule for the reverse direction because it
will be handled by the existing rule that says

  -A INPUT -i ppp0 -m state --state ESTABLISHED -j ACCEPT

I'd encourage you to read the iptables(8) man page and understand what
each of those args are doing before adding my untested lines to your
gateway.



-- 
Russell Steicke

-- Fortune says:
What UNIVERSE is this, please??
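The chain-traversal point made in the reply above (every packet goes through exactly one of INPUT, OUTPUT or FORWARD in the filter table, and the reverse direction of a flow is admitted by a `--state ESTABLISHED` match) can be checked against a small model. The following is an added example, not code from the post or from the plug list; it is a toy simulator of the filter table, not a netfilter implementation. Assumptions: all addresses are constructed placeholders; the `a.l.c.oa` address in the suggested FORWARD rule is modelled as `VPN_PEER_IP`, since that rule matches traffic entering on `eth0` (the LAN side); the chain policies are taken to be DROP for INPUT and FORWARD, which the post does not show; NAT is not modelled, so the reply packet is presented as conntrack would hand it to the filter table, already un-masqueraded and addressed to the laptop. The model shows why the reply to a forwarded UDP/500 exchange traverses FORWARD rather than INPUT, and therefore what an ESTABLISHED rule has to look like to admit it.

```python
from dataclasses import dataclass

# Constructed sample addresses (not from the post).
GATEWAY_ADDRS = {"ppp0": "203.0.113.10", "eth0": "192.168.1.1"}
LAPTOP_IP = "192.168.1.50"
VPN_PEER_IP = "198.51.100.7"   # stands in for a.l.c.oa in the post (assumption)


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on; "" if generated locally
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

    def flow(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.proto, self.dst, self.dport, self.src, self.sport)


def chain_for(pkt):
    """Each packet traverses exactly one of INPUT, OUTPUT or FORWARD."""
    local = set(GATEWAY_ADDRS.values())
    if pkt.dst in local:
        return "INPUT"        # destined for the gateway itself
    if pkt.in_iface == "" and pkt.src in local:
        return "OUTPUT"       # generated by the gateway itself
    return "FORWARD"          # routed through the gateway


def rule_matches(rule_chain, match, pkt, chain, conntrack):
    if rule_chain != chain:
        return False
    for key, want in match.items():
        if key == "state":
            # ESTABLISHED: conntrack has already seen this flow in either direction
            established = pkt.flow() in conntrack or pkt.reverse_flow() in conntrack
            if (want == "ESTABLISHED") != established:
                return False
        elif getattr(pkt, key) != want:
            return False
    return True


def evaluate(pkt, rules, policy, conntrack):
    """Return (chain, verdict): first matching rule wins, else the chain policy."""
    chain = chain_for(pkt)
    verdict = policy[chain]
    for rule_chain, match, target in rules:
        if rule_matches(rule_chain, match, pkt, chain, conntrack):
            verdict = target
            break
    if verdict == "ACCEPT":
        conntrack.add(pkt.flow())   # accepted packets create/refresh the flow entry
    return chain, verdict


# The two rules shown in the post, as (chain, match, target) tuples.
POST_RULES = [
    ("INPUT", {"in_iface": "ppp0", "state": "ESTABLISHED"}, "ACCEPT"),
    ("FORWARD", {"in_iface": "eth0", "dst": VPN_PEER_IP, "proto": "udp", "dport": 500}, "ACCEPT"),
]
# Assumed default policies; the post does not show them.
POLICY = {"INPUT": "DROP", "OUTPUT": "ACCEPT", "FORWARD": "DROP"}
# The FORWARD-chain counterpart of the post's INPUT ESTABLISHED rule.
FORWARD_ESTABLISHED = ("FORWARD", {"in_iface": "ppp0", "state": "ESTABLISHED"}, "ACCEPT")


def simulate(rules):
    """Run a UDP/500 (IKE) exchange through the gateway; return per-step results."""
    conntrack = set()
    ike_out = Packet("eth0", LAPTOP_IP, VPN_PEER_IP, "udp", 500, 500)
    ike_back = Packet("ppp0", VPN_PEER_IP, LAPTOP_IP, "udp", 500, 500)   # post-NAT view
    probe = Packet("ppp0", VPN_PEER_IP, GATEWAY_ADDRS["ppp0"], "udp", 4000, 500)
    return {
        "laptop->vpn": evaluate(ike_out, rules, POLICY, conntrack),
        "vpn->laptop": evaluate(ike_back, rules, POLICY, conntrack),
        "vpn->gateway": evaluate(probe, rules, POLICY, conntrack),
    }


if __name__ == "__main__":
    for label, rules in (("post rules", POST_RULES),
                         ("post rules + FORWARD ESTABLISHED", POST_RULES + [FORWARD_ESTABLISHED])):
        print(label)
        for step, (chain, verdict) in simulate(rules).items():
            print(f"  {step:14s} -> {chain:8s} {verdict}")
```

With only the post's two rules, the laptop's outbound packet is accepted in FORWARD, but the reply from the VPN peer is also a FORWARD packet (it is neither to nor from the gateway), so the INPUT ESTABLISHED rule never sees it and the FORWARD policy applies; adding the equivalent `-A FORWARD -i ppp0 -m state --state ESTABLISHED -j ACCEPT` admits it. An unsolicited packet aimed at the gateway's own ppp0 address is classified as INPUT and dropped, as the INPUT rule's ESTABLISHED match intends.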