Mailinglist Archive: opensuse-security (394 mails)

Re: [suse-security] OT: iptables question (nat)
  • From: Jon hoffman <hoffmanjon@xxxxxxxxxxx>
  • Date: Tue, 9 Dec 2003 09:48:34 -0500
  • Message-id: <200312090948.34765.hoffmanjon@xxxxxxxxxxx>
That is what you generally use prerouting for, but I suppose you could use the
forward chain as well (if your pc has a public IP address).
The forward chain (with masquerade) is used for "routing" connections through
your firewall. I.e.:
If you are masquerading the connections, then the following line:
iptables -A FORWARD -p tcp --dport 22 -s 10.1.1.69 -j ACCEPT
would read: any ssh (port 22) connection that is being routed (forwarded)
through the firewall (or router), let through.
The forward chain is mainly used for routers (firewalls that are designed to
protect networks) and not for standalone firewalls that are designed to only
protect a single machine.
If you have any questions, feel free to let me know.

Hope this helps

Jon Hoffman

On Tuesday 09 December 2003 08:54, BLeonhardt@xxxxxxxxxxx wrote:
> hi,
>
> I usually use prerouting for this purpose ...
>
> cu
> bruno
>
> alexander@xxxxxxxxxxxxx wrote on 09.12.2003 15:59:12:
> > Hi,
> >
> > as far as I know, you can use it to reach a pc behind a firewall, for
> > example with ssh (forward port 23 to the ip of the specific pc) or you
> > can use it to forward all requests of a program to a pc (for example a
> > filesharing tool or instant messenger).
> >
> > Bye
> > Alex
> >
> > > Hi,
> > >
> > > does anybody know what to do with the "forward" chain in the nat
> > > table? I know the sense of prerouting and postrouting ( I hope ;-) )
> > > ... but for what is the "forward" chain?
> > >
> > > cu
> > > bruno
> > >
> > >
> > > --
> > > Check the headers for your unsubscription address
> > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > Security-related bug reports go to security@xxxxxxx, not here
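
The port forward discussed in this thread, as an added example that is not part of the original messages: a dry-run shell function that prints the nat PREROUTING rule together with the filter FORWARD rules that let the rewritten connection through. The helper name `forward_rules`, the interface `eth0` and the external port 2222 are assumptions; 10.1.1.69 is the address used in the message above.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: prints iptables commands for
# one inbound TCP port forward and applies nothing.

# forward_rules EXT_IF EXT_PORT INT_IP INT_PORT   (hypothetical helper)
forward_rules() {
    [ "$#" -eq 4 ] || { echo "usage: forward_rules EXT_IF EXT_PORT INT_IP INT_PORT" >&2; return 2; }
    ext_if=$1; ext_port=$2; int_ip=$3; int_port=$4

    # Validate before anything is interpolated into a rule.
    case $ext_if in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    for p in "$ext_port" "$int_port"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } 2>/dev/null ||
            { echo "bad port: $p" >&2; return 1; }
    done
    printf '%s\n' "$int_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad address: $int_ip" >&2; return 1; }

    # nat/PREROUTING: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
    # filter/FORWARD: default-drop, then allow replies of known connections.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # FORWARD runs after DNAT, so it matches the internal address and port.
    echo "iptables -A FORWARD -i $ext_if -p tcp -d $int_ip --dport $int_port -m conntrack --ctstate NEW -j ACCEPT"
}

# Constructed sample: external port 2222 on eth0 -> ssh on 10.1.1.69.
# The router also needs net.ipv4.ip_forward=1 for FORWARD to see traffic.
forward_rules eth0 2222 10.1.1.69 22
```

The printed commands can be reviewed and then run as root on the router; the function itself changes no firewall state.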


