Re: local nets

From: david (damo@damo.dk)
Date: 11/29/02


From: "david" <damo@damo.dk>
Date: Fri, 29 Nov 2002 17:56:12 +0100

thanks my friend, that solved it :-)

"Lew Pitcher" <Lew_Pitcher@td.com> wrote in message
news:3de794db.245918862@news21.on.aibn.com...
> On Fri, 29 Nov 2002 17:14:57 +0100, in comp.os.linux.security, "david"
> <damo@damo.dk> wrote:
>
> >I use Slackware 8.1 with kernel 2.4.18 and iptables
> >
> >David
> >
> >"Simon Morris" <simon.morris@PenguinIT.com.SPAMTRAP> wrote in message
> >news:pan.2002.11.29.12.14.19.986473@PenguinIT.com.SPAMTRAP...
> >> On Fri, 29 Nov 2002 09:31:31 +0100, david wrote:
> >>
> >> > Hi, I have a Linux box with 3 networks on it!
> >> >
> >> > eth0 connected to internet
> >> > eth1 local network 192.168.1.0/24
> >> > eth2 local network 192.168.0.0/24
> >> >
> >> > I masq both local nets through eth0, and it works fine.
> >> >
> >> > But now I need to block traffic between the 2 local networks.
> >> > Can anybody point me in the right direction? It would be appreciated.
>
> You will need to add some rules to the FORWARD table, to block TCP and UDP
> forwarding between the two networks
>
> - DROP all TCP FORWARDED from SOURCE 192.168.1.0/24 to DEST 192.168.0.0/24
> - DROP all UDP FORWARDED from SOURCE 192.168.1.0/24 to DEST 192.168.0.0/24
> - DROP all ICMP FORWARDED from SOURCE 192.168.1.0/24 to DEST 192.168.0.0/24
> - DROP all TCP FORWARDED from SOURCE 192.168.0.0/24 to DEST 192.168.1.0/24
> - DROP all UDP FORWARDED from SOURCE 192.168.0.0/24 to DEST 192.168.1.0/24
> - DROP all ICMP FORWARDED from SOURCE 192.168.0.0/24 to DEST 192.168.1.0/24
>
> (you could also drop by interface)
>
>
>
> Lew Pitcher, Information Technology Consultant, Toronto Dominion Bank Financial Group
> (Lew_Pitcher@td.com)
>
> (Opinions expressed are my own, not my employer's.)
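As an added example (not code from either poster), here is the rule set Lew describes, written as a small POSIX sh script for the box David describes (eth1 = 192.168.1.0/24, eth2 = 192.168.0.0/24). It does two things the six-rule list above does not spell out: it drops all protocols at once (a rule without -p matches TCP, UDP, ICMP and anything else), and it adds the "drop by interface" variant, which does not depend on the source address and so also stops a host on one LAN that forges the other LAN's addresses. The variable names, the "apply" argument and the IPTABLES override are this example's own; the rules use only options that existed in the iptables shipped with 2.4 kernels.

```shell
#!/bin/sh
# Added example: block forwarding between two masqueraded LANs on a Linux
# router, as suggested in the reply above. Interface names and subnets are
# taken from the original post; everything else here is an assumption.

LAN1_IF=eth1; LAN1_NET=192.168.1.0/24
LAN2_IF=eth2; LAN2_NET=192.168.0.0/24
IPTABLES=${IPTABLES:-iptables}   # set IPTABLES=echo for a dry run

# Print the rules rather than running them, so they can be reviewed first.
# "-I" inserts at the top of the FORWARD chain: an existing ACCEPT for the
# masqueraded LANs (e.g. "-A FORWARD -s 192.168.1.0/24 -j ACCEPT") would
# otherwise match first and the appended DROPs would never be reached.
gen_rules() {
    # Address-based rules, one per direction. With no "-p" a rule matches
    # every protocol, so the separate TCP/UDP/ICMP rules collapse into one
    # and protocols the list omits (GRE, ESP, ...) are covered too.
    echo "$IPTABLES -I FORWARD -s $LAN1_NET -d $LAN2_NET -j DROP"
    echo "$IPTABLES -I FORWARD -s $LAN2_NET -d $LAN1_NET -j DROP"
    # Interface-based rules ("you could also drop by interface"). These do
    # not trust the source address: a host on eth1 claiming a 192.168.0.x
    # source still cannot be routed out of eth2.
    echo "$IPTABLES -I FORWARD -i $LAN1_IF -o $LAN2_IF -j DROP"
    echo "$IPTABLES -I FORWARD -i $LAN2_IF -o $LAN1_IF -j DROP"
}

# Number of rules this script installs; handy for a post-install check.
rule_count() {
    gen_rules | grep -c -- '-j DROP'
}

case "${1:-}" in
    apply) gen_rules | sh -e ;;   # run the commands as root, stop on error
    *)     gen_rules ;;           # default: show what would be run
esac
```

Run it without arguments to see the four commands, then `sh block-lans.sh apply` as root. Confirm with `iptables -L FORWARD -n -v --line-numbers` that the DROP rules sit above any ACCEPT, and test from a 192.168.1.x host with a ping and a TCP connect to a 192.168.0.x host: both should fail and the packet counters on the DROP rules should climb. These rules only affect traffic routed through the Linux box (the FORWARD chain); hosts on each LAN can still talk to the router itself, which is governed by INPUT, and if the two LANs share a physical segment the router is not in the path at all.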


