On Wed, Sep 28, 2005 at 09:09:27AM -0700, Kirk Bocek wrote:
> Rodrigo Barbosa wrote:
>> Humm, that should be relatively simple:
>>
>> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT
>> iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT --to-destination ${DESTINATION_SERVER}
>>
>> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE1} -j ACCEPT
>> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE2} -j ACCEPT
>> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE3} -j ACCEPT
>> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE4} -j ACCEPT
>> iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -j REJECT --reject-with tcp-reset
>
> Rodrigo, wouldn't the port filtering take place in the INPUT chain?
>
> iptables -P INPUT DROP
> iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
My bad. I started writing thinking it would have to redirect port 80 too, then noticed my mistake. After that, I forgot to move it to the INPUT chain.
[]s
--
Rodrigo Barbosa
rodrigob@suespammers.org
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
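
The rule set as corrected in this exchange (port 80 filtered in INPUT, port 8000 DNATed in PREROUTING and restricted by source in FORWARD), as an added example that is not part of the original messages. The function names `gen_rules` and `valid_addr` are hypothetical, the addresses are constructed, `--dport` is the short form of `--destination-port`, and the loopback and conntrack rules are assumptions added for a DROP policy.

```shell
#!/bin/sh
# Added example: prints the rule set for review instead of applying it.

# valid_addr ADDR: character allow-list (digits, dots, slash), not a full
# address parser; the generated text is meant to be run by a root shell.
valid_addr() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# gen_rules DEST SRC...: write the iptables commands to stdout.
gen_rules() {
    [ "$#" -ge 1 ] || { echo "usage: gen_rules DEST [SRC...]" >&2; return 1; }
    for a in "$@"; do
        valid_addr "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    dest=$1; shift
    # Port 80 terminates on the firewall host itself: filter it in INPUT.
    echo "iptables -P INPUT DROP"
    # Assumption: with a DROP policy the host still needs loopback traffic
    # and replies to its own outbound connections.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 80 -j ACCEPT"
    # Port 8000 is rewritten in nat/PREROUTING, so after routing the packet
    # is forwarded and is filtered in FORWARD, not INPUT.
    echo "iptables -t nat -A PREROUTING -p tcp --dport 8000 -j DNAT --to-destination $dest"
    # Replies from the server; only needed if the FORWARD policy is DROP.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A FORWARD -p tcp --dport 8000 -d $dest -s $src -j ACCEPT"
    done
    # Everything else aimed at the forwarded port is refused; with no SRC
    # arguments this is the only FORWARD rule for it (fails closed).
    echo "iptables -A FORWARD -p tcp --dport 8000 -d $dest -j REJECT --reject-with tcp-reset"
}

# Constructed sample input (RFC 5737 documentation addresses).
gen_rules 192.0.2.10 198.51.100.1 198.51.100.2
```

Forwarding also requires `net.ipv4.ip_forward=1` on the firewall host.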