NAT(MASQ) and default policies on a dynamic ip interface
From: Andreas Gredler (andreas.gredler_at_g-tec.co.at)
Date: 08/28/03
Date: 28 Aug 2003 04:02:13 +0200
Hello,
I'm running a server which connects my LAN to the internet via
masquerading. Today I realized that all policies are set to ACCEPT.
Therefore I changed all to DROP, which had some drawbacks. My problem
is the rules for NAT, so that I can set it to DROP. My basic ruleset
was taken from the NAT-Howto:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
But when I set the policy to DROP, NAT still works, but not on the server
itself... due to the -s 192.168.0.0/24 part. I would also need to allow
localhost and my external IP, too.
But my external IP is dynamic and I'm looking for another way to solve
the problem. It would be easy to read the external interface IP with the
help of ifconfig and awk, but that would mean that the whole ruleset
has to be reloaded after reconnecting my WAN interface.
Any help much appreciated.
greets Jimmy
-- Andreas "Jimmy" Gredler, andreas.gredler@gmx.at Get my public key at www.g-tec.co.at
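
The setup asked about above, as an added example that is not part of the original post: a generator for an iptables-restore ruleset that keeps DROP policies in the filter table and matches the WAN side by interface name instead of address, so nothing has to be reloaded when the dynamic IP changes. The interface names ppp0 and eth0, the LAN network and the use of the conntrack match are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: print an iptables-restore
# ruleset for a masquerading gateway with DROP policies in the filter table.
# WAN rules match the interface name, never its address, so a new dynamic
# IP after a reconnect needs no reload.
# Assumptions: ppp0 = WAN, eth0 = LAN, 192.168.0.0/24 = LAN network.

gen_rules() {
    wan_if=$1 lan_if=$2 lan_net=$3
    # Reject anything that could smuggle extra rule text into the output.
    for v in "$wan_if" "$lan_if" "$lan_net"; do
        case $v in
            ''|*[!A-Za-z0-9_./-]*) echo "bad argument: $v" >&2; return 1 ;;
        esac
    done
    cat <<EOF
# nat only rewrites addresses; its policies stay ACCEPT, filtering is below.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# The server itself: loopback, LAN clients, and replies on the WAN link.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A INPUT -i $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $lan_if -j ACCEPT
-A OUTPUT -o $wan_if -j ACCEPT
# LAN to internet, and only reply traffic back in.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Prints the ruleset for review; as root, pipe it into iptables-restore.
gen_rules "${1:-ppp0}" "${2:-eth0}" "${3:-192.168.0.0/24}"
```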