Question on iptables and forwarding inward

Star nhstar at gmail.com
Sat Sep 10 16:01:01 EDT 2005


On 9/10/05, Jeff Kinz <jkinz at kinz.org> wrote:
> 
> Hi Star, please don't top-post, it makes it harder to understand what
> you are saying: For example what are you referring to below when you
> say "Thats the hope"? (yes, I can guess this time, but the
> reason for the time honored tradition of bottom posting is that it
> produces a more understandable and more condensed dialog stream).
> 
> On Sat, Sep 10, 2005 at 01:22:16PM -0400, Star wrote:
> > That's the hope, yes, as I do run a couple of other services (smtp,
> > http(s)) via port forwarding.
> >>>>MOVED TO INDICATE what I think You're replying to.
> 
> > On 9/10/05, Jeff Kinz <jkinz at kinz.org> wrote:
> > > On Sat, Sep 10, 2005 at 12:09:31PM -0400, Star wrote:
> > > > I've got a server sitting inside my firewall (netfilter/iptables)
> > > > and I need to make it completely accessible to clients coming from
> > > > specific subnets. I've used iptables for NATing and other uses
> > > > from the inside out, but not for coming outside in, and since it's
> > > > a windows box, I'd like to limit it so that only a couple of
> > > > known networks can get access to it. Port forwarding is ~doable~
> > > > but with all the services, I'm hoping to avoid a chain that long.
> 
> 
> > > OK, win server sitting inside (behind) an iptables firewall
> > >
> > > Allow some external (outside) network address ranges(subnets)
> > > to have "some" access to the win server?
> 
> > That's the hope, yes, as I do run a couple of other services (smtp,
> > http(s)) via port forwarding.
> 
> Star: the next two paragraphs are what I think is a solution to your
> goals. Do you need more specific examples?
> 
> > > You use net masks on the INPUT chain to specify "ACCEPT" on
> > > the net address ranges you want to let in, and you can even specify
> > > port ranges (which map to services) to further refine the access.
> > >
> > > My assumption here is that all other traffic is to be either rejected
> > > or sent to some other system on the internal LAN?
> 
> --
> speech recognition software was used in the composition of this e-mail
> Jeff Kinz, Emergent Research, Hudson, MA.
> ¡Ya no mas!
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss



Sorry for the top-post, I'd just finished up with some work-mail, and well, it's backwards there ;)

Thanks for the help! It got me in the right direction and things are going and forwarding as needed!
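The kind of rule set discussed in the thread, as an added example that is not from either poster: because the Windows box sits behind the firewall, packets to it pass the nat PREROUTING chain (DNAT) and then the filter FORWARD chain, so both are restricted to the allow-listed source subnets. The interface name, addresses and subnets are constructed placeholders; the ports are the smtp and http(s) services mentioned.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset that
# port-forwards a few services to an internal host, but only for packets
# arriving from an allow-listed set of external subnets.
WAN_IF="eth0"                                   # assumed external interface
SERVER="192.168.1.10"                           # assumed internal Windows host
ALLOWED_NETS="198.51.100.0/24 203.0.113.0/26"   # constructed allow-list
PORTS="25 80 443"                               # smtp, http, https

# gen_rules prints the ruleset; review it, then pipe into `iptables-restore`.
gen_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    for net in $ALLOWED_NETS; do
        for p in $PORTS; do
            # Rewrite the destination only for trusted sources; packets from
            # anyone else are never translated, so they never reach the server.
            echo "-A PREROUTING -i $WAN_IF -s $net -p tcp --dport $p -j DNAT --to-destination $SERVER:$p"
        done
    done
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    # Let replies and related packets of already-accepted connections through.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $ALLOWED_NETS; do
        for p in $PORTS; do
            # FORWARD sees the post-DNAT destination, so match on the server.
            echo "-A FORWARD -i $WAN_IF -s $net -d $SERVER -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    echo "COMMIT"
}

# count_rules reports how many -A lines the ruleset contains (2 nets x 3 ports
# in nat, plus 1 + 6 in filter = 13), a quick sanity check before loading.
count_rules() {
    gen_rules | grep -c '^-A'
}

gen_rules
```

Everything not matched by an allow-listed source is dropped by the FORWARD policy, so the Windows host is reachable only from the listed subnets on the listed ports.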