Question on iptables and forwarding inward

Star nhstar at gmail.com
Sat Sep 10 13:23:00 EDT 2005


That's the hope, yes, as I do run a couple of other services (smtp, http(s)) 
via port forwarding.

On 9/10/05, Jeff Kinz <jkinz at kinz.org> wrote:
> 
> On Sat, Sep 10, 2005 at 12:09:31PM -0400, Star wrote:
> > Hi All,
> >
> > I've got a server sitting inside my firewall (netfilter/iptables) and I
> > need to make it completely accessible to clients coming from specific
> > subnets. I've used iptables for NATing and other uses from the inside
> > out, but not for coming outside in, and since it's a Windows box, I'd
> > like to limit it so that only a couple of known networks can get access
> > to it. Port forwarding is ~doable~ but with all the services, I'm hoping
> > to avoid a chain that long.
> >
>
> OK, win server sitting inside (behind) an iptables firewall
> 
> Allow some external (outside) network address ranges (subnets)
> to have "some" access to the win server?
> 
> You use net masks on the INPUT chain to specify "ACCEPT" on
> the net address ranges you want to let in, and you can even specify port
> ranges (which map to services) to further refine the access.
> 
> My assumption here is that all other traffic is to be either rejected
> or sent to some other system on the internal LAN?
>
> --
> speech recognition software was used in the composition of this e-mail
> Jeff Kinz, Emergent Research, Hudson, MA.
> ¡Ya no mas!
>
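
Added example, not part of either poster's message: a shell function that prints (does not run) iptables commands exposing one inside host to a fixed list of source subnets without a per-service port-forward chain. Traffic that is DNAT-ed to an inside host is filtered in the FORWARD chain, so the source restriction is placed there; the interface names, the function names and all addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: generates rules only; review the output before applying it.

# valid_cidr ADDR/LEN -> 0 if IPv4 CIDR with prefix length 1..32.
# A /0 prefix is refused so "everyone" can never be listed as a source.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS='./'
    set -- $1                 # split into four octets and the prefix length
    IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules WAN_IF LAN_IF PUBLIC_IP INSIDE_HOST SUBNET...
gen_rules() {
    wan_if=$1; lan_if=$2; pub_ip=$3; host=$4
    shift 4
    [ "$#" -gt 0 ] || { echo "no source subnets given" >&2; return 1; }
    # Validate every subnet first so a bad entry yields no partial rule set.
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    done
    # Replies and related flows for connections already allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in "$@"; do
        # All ports and protocols from this subnet go to the inside host.
        echo "iptables -t nat -A PREROUTING -i $wan_if -s $net -d $pub_ip -j DNAT --to-destination $host"
        # New connections are accepted only from the listed subnet.
        echo "iptables -A FORWARD -i $wan_if -o $lan_if -s $net -d $host -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else arriving from outside for the host is dropped.
    echo "iptables -A FORWARD -i $wan_if -d $host -j DROP"
}

# Constructed sample: firewall public address 203.0.113.5, Windows host
# 192.168.1.10, two permitted client networks.
gen_rules eth0 eth1 203.0.113.5 192.168.1.10 198.51.100.0/24 192.0.2.0/25
```

The commands use -A (append), so port forwards already placed earlier in PREROUTING, such as the smtp and http(s) forwards mentioned in the thread, still match first.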