Re: iptables - internal addresses cannot see external interface
From: Michael Mueller (malware@t-online.de) Date: 01/27/02
- Previous message: Warpig: "Newbie iptables question"
- In reply to: Brad Fears: "iptables - internal addresses cannot see external interface"
From: Michael Mueller <malware@t-online.de> Date: Sun, 27 Jan 2002 05:37:03 +0100
Hi Brad,
you wrote:
> After viewing several tutorials, I've managed to kludge the attached
> iptables script together, and everything seems to be working so far,
> except my internal machines cannot access the external nic on the
> server facing the internet. I'm running a web server on it, and
> everyone else can see it, ssh to it, etc., but I can't from my
> internal boxes. I have to believe that something is just missing from
> the script to enable this...any help is appreciated, and any
> constructive criticism is welcome. Thanks in advance.
[...]
> # Rules for special networks not part of the Internet
> /sbin/iptables -A INPUT -p ALL -i ${intnic} -d ${intnic_bcast} -j ACCEPT
> /sbin/iptables -A INPUT -p ALL -i ${locnic} -d ${locip} -j ACCEPT
> /sbin/iptables -A INPUT -p ALL -i ${intnic} -d ${int_range} -j ACCEPT
You disabled it by your rules. You accept only packets destined for
192.168.0.0/16 on your local interface. Maybe you want to change the
"Rules for incoming packets from the Internet" to include the internal
traffic destined for your public IP by changing "-i ${extnic}" into
"-d ${extip}". Another choice would be to add
/sbin/iptables -A INPUT -p ALL -i ${intnic} -d ${extip} -j ACCEPT
Michael
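
The mismatch described in the reply, modelled as an added example that is not part of the original post or of Brad's script: first-match evaluation of the three quoted INPUT rules against a packet from an internal host to the public IP. Interface names, the addresses other than 192.168.0.0/16, and the DROP policy are assumptions, since the page does not show them.

```python
import ipaddress

# Constructed values: the post does not show the script's variables,
# apart from the internal range 192.168.0.0/16 named in the reply.
INTNIC, EXTNIC, LOCNIC = "eth1", "eth0", "lo"
EXTIP = "203.0.113.10"            # placeholder from the documentation range
INT_RANGE = "192.168.0.0/16"
INTNIC_BCAST = "192.168.0.255"
LOCIP = "127.0.0.1"

# (-i interface, -d destination) of the three quoted INPUT rules, in order.
QUOTED_RULES = [
    (INTNIC, INTNIC_BCAST),
    (LOCNIC, LOCIP),
    (INTNIC, INT_RANGE),
]
# The rule suggested at the end of the reply.
SUGGESTED_RULE = (INTNIC, EXTIP)


def matches(rule, in_iface, dst):
    """True if a packet arriving on in_iface for dst satisfies both -i and -d."""
    rule_iface, rule_dst = rule
    return (rule_iface == in_iface
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule_dst))


def input_verdict(rules, in_iface, dst, policy="DROP"):
    """First-match walk of an INPUT chain whose rules all jump to ACCEPT.

    The chain policy is assumed to be DROP; the page does not state it.
    """
    for rule in rules:
        if matches(rule, in_iface, dst):
            return "ACCEPT"
    return policy


if __name__ == "__main__":
    # A LAN host talking to the public address still arrives on the internal
    # NIC, so -i matches the internal rules but -d does not.
    print("quoted rules:  ", input_verdict(QUOTED_RULES, INTNIC, EXTIP))
    print("with added rule:",
          input_verdict(QUOTED_RULES + [SUGGESTED_RULE], INTNIC, EXTIP))
```

Only the quoted rules are modelled; the "Rules for incoming packets from the Internet" section of the script is elided on the page and is left out here.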