Mailinglist Archive: opensuse-security (394 mails)

< Previous Next >
Re: [suse-security] OT: iptables question (nat)
  • From: BLeonhardt@xxxxxxxxxxx
  • Date: Tue, 9 Dec 2003 15:36:22 +0100
  • Message-id: <OF5E67FAD2.18B4FC4B-ONC1256DF7.00502047-C1256DF7.004F50A9@xxxxxxxxxxx>




Hi,

but you're using the "filter" table if you don't specify " -t nat " ... my question is specific for the nat - table ..

cu
bruno

Jon hoffman <hoffmanjon@xxxxxxxxxxx> schrieb am 09.12.2003 15:48:34:

> That is what you generally use prerouting for, but I suppose you could use the
> forward chain as well (if your pc has a public IP address)
> The forward chain (with masquerade) is used for "routing" connections through
> your firewall. IE:
> If you are masquerading the connections then the following line:
> iptables -A FORWARD -p tcp --dport 22 -s 10.1.1.69 -j ACCEPT
> would read: any ssh (port 22) connection that is being routed (forwarded)
> through the firewall (or router), let through.
> The forward chain is mainly used for routers (firewalls that are designed to
> protect networks) and not for standalone firewalls that are designed to only
> protected a single machine.
> If you have any questions, feel free to let me know.
>
> Hope this helps
>
> Jon Hoffman
>
> On Tuesday 09 December 2003 08:54, BLeonhardt@xxxxxxxxxxx wrote:
> > hi,
> >
> > I usually use prerouting for this purpose ...
> >
> > cu
> > bruno
> >
> > alexander@xxxxxxxxxxxxx schrieb am 09.12.2003 15:59:12:
> > > Hi,
> > >
> > > as far as I know, you can use it to reach a pc behind a firewall, for
> > > example with ssh (forward port 23 to the ip of the specific pc) or you
> > > can use it to forward all request of a program to a pc (for example a
> > > filesharing tool or instant messager).
> > >
> > > Bye
> > > Alex
> > >
> > > > Hi,
> > > >
> > > > does anybody know what to do with the "forward" chain in the nat -
> > > > table ? I know the sense of prerouting and postrouting ( I hope ;-) )
> > > > ... but for what is the "forward" chain ?
> > > >
> > > > cu
> > > > bruno
> > > >
> > > >
> > > > --
> > > > Check the headers for your unsubscription address
> > > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > > Security-related bug reports go to security@xxxxxxx, not here
>
>


< Previous Next >
References