[CentOS] A little iptables help
rodrigob at suespammers.org
Thu Sep 29 15:41:27 UTC 2005
On Thu, Sep 29, 2005 at 09:21:40AM -0500, Aleksandar Milivojevic wrote:
> >>>I did this successfully providing external SSH access to a collection
> >>>of hosts on a private network. However for this to work, the hosts on
> >>>the private net also need to be doing SNAT back out through the
> >>Unless you are doing something funky, SNAT is not needed. All he needs
> >>is DNAT.
> >>Netfilter should take care of returning packets automagically (unless, as
> >>said, you are doing something funky and confusing Netfilter with it).
> >If you have a RELATED,ESTABLISHED matching rule only.
> Somebody will probably correct me if I'm wrong, but I think restriction is
> long as you have connection tracking module loaded. And you will have it as
> soon as you call any of NAT targets (iptable_nat module depends on
> module). So you don't have to have any state related rules at all.
If your default rule for the related chain is DROP, then you do need
the state rules.
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
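
The point about a DROP default, as an added example that is not part of the original message: a shell function that prints an iptables-restore ruleset for one DNAT port-forward, with the state rule that a DROP policy on FORWARD makes necessary. The function names are hypothetical, and the interface, ports and address are whatever the caller supplies.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for one
# DNAT port-forward on a gateway whose FORWARD policy is DROP.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# dnat_ruleset EXT_IF PUBLIC_PORT INTERNAL_IP [INTERNAL_PORT, default 22]
dnat_ruleset() {
    ext_if=$1 pub_port=$2 dst_ip=$3 dst_port=${4:-22}
    case "$ext_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_port "$pub_port" && valid_port "$dst_port" && valid_ipv4 "$dst_ip" ||
        { echo "bad port or address" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# DNAT alone: connection tracking reverses the translation on reply packets,
# assuming the internal host routes its replies back through this gateway.
-A PREROUTING -i $ext_if -p tcp --dport $pub_port -j DNAT --to-destination $dst_ip:$dst_port
COMMIT
*filter
:FORWARD DROP [0:0]
# NAT reversal does not exempt replies from filtering: with a DROP policy
# they are discarded unless a state rule lets them through.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# First packet of the forwarded connection; its destination is already rewritten.
-A FORWARD -i $ext_if -p tcp -d $dst_ip --dport $dst_port -m state --state NEW -j ACCEPT
COMMIT
EOF
}
```

With constructed values, `dnat_ruleset eth0 2222 192.168.1.10 | iptables-restore --test` parses the ruleset without committing it. Loading it for real replaces the existing nat and filter rules, so merge the lines into a full ruleset instead.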