[CentOS] iptables questions on CentOS
mlists at zoominternet.net
Fri Dec 5 00:57:07 UTC 2008
On Thursday 04 December 2008 04:21, Indunil Jayasooriya wrote:
> I know these are a few iptables questions, NOT CentOS; anyway, I am
> running a firewall on CentOS 5.x.
> If you can respond, it would be fine.
> I want to add a SNAT rule for one user in the LAN to access one particular
> destination on the internet.
> Let's say www.centos.org
> I added the below rule. But it does NOT work.
> Pls assume 126.96.36.199 is the real IP of the firewall.
> IP address 192.168.101.230 is the client PC
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -j SNAT
> --to-source 188.8.131.52 -d www.centos.org
> Any idea how to achieve it?
> And also,
> the below rule excludes 1 IP. It works fine.
> iptables -t nat -A PREROUTING -p tcp -m multiport -s ! 192.168.1.9
> --destination-port 80,465,995 -j DNAT --to-destination :3128
> I want to exclude about 4 or 5 IPs.
> let's say 192.168.1.11, 192.168.1.19, 192.168.1.20, 192.168.1.25
> Is there a way to do it?
> Hope to hear from you.
I take it the firewall has 2 interfaces, WAN and LAN. Without knowing how you
have things set up now, you could simply add the following:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i <LAN> -s 192.168.1.11 -j DROP
iptables -A FORWARD -i <LAN> -s 192.168.1.19 -j DROP
iptables -A FORWARD -i <LAN> -s 192.168.1.25 -j DROP
Should any of these IPs need access to the firewall, then you need to place
those rules before these.
It is not just an adventure.
It is my job!!
Linux User #296285
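One way to handle the second question (several LAN hosts bypassing the proxy redirect), as an added example that is not from either poster: put the DNAT in its own nat chain and let excluded hosts RETURN out of it, instead of stacking `-s !` negations. The LAN interface name eth1 and proxy port 3128 are assumptions; the host list is the one from the question plus the 192.168.1.9 the original rule already skipped.

```shell
#!/bin/sh
# Added example (not from the thread): exclude several LAN hosts from the
# transparent-proxy DNAT by giving the redirect its own nat chain. Excluded
# hosts match a RETURN rule and skip the DNAT; everyone else is redirected.
# Assumed names: LAN interface eth1 and proxy port 3128.
LAN_IF=eth1
PROXY_PORT=3128
EXCLUDED="192.168.1.9 192.168.1.11 192.168.1.19 192.168.1.20 192.168.1.25"

# Emits the iptables commands instead of running them, so the rule set can be
# reviewed (and diffed against the running one) before being applied as root.
proxy_redirect_rules() {
    ip_list=$1
    echo "iptables -t nat -N PROXY_REDIRECT"
    for ip in $ip_list; do
        # an excluded client leaves the chain here, untouched by the DNAT below
        echo "iptables -t nat -A PROXY_REDIRECT -s $ip -j RETURN"
    done
    # everything that fell through goes to the proxy, same ports as the question
    echo "iptables -t nat -A PROXY_REDIRECT -p tcp -m multiport --dports 80,465,995 -j DNAT --to-destination :$PROXY_PORT"
    # hook the chain in for TCP arriving on the LAN side only
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -j PROXY_REDIRECT"
}

# Number of hosts that would bypass the proxy, for a quick sanity check
excluded_count() {
    proxy_redirect_rules "$1" | grep -c -- '-j RETURN'
}

proxy_redirect_rules "$EXCLUDED"
```

To apply the generated rules, pipe the output through `sh` as root; adding or removing a host is then a change to the EXCLUDED list rather than a rewrite of the PREROUTING rule.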