[CentOS] iptables questionson CentOS
hicheerup at gmail.com
Tue Dec 9 18:13:54 UTC 2008
If you want to allow one ip to access one destination then you can
write the below rule in iptables.
iptables -t nat -A POSTROUTING -s 192.168.101.230 -d centosip -j MASQUERADE
iptables -t nat -A POSTROUTING -d 192.168.101.230 -s centosip -j MASQUERADE
For remianing ip you can write a simple drop rule to centos ip.
This is will work you out i am sure.
On Thu, Dec 4, 2008 at 2:51 PM, Indunil Jayasooriya <indunil75 at gmail.com> wrote:
> I know these are a few iptbales questions. NOT CentOS, anyway, I am
> running a firewall on centos 5.x.
> If you can response, it would be fine.
> I want to add a SNAT rule for one user in LAN to access one particular
> destination on the internet.
> Let's say www.centos.org
> I added the below rule. But . it does NOT work
> Pls assume 220.127.116.11 is the real ip of the firewall.
> ip address 192.168.101.230 is the client PC
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -j SNAT
> --to-source 18.104.22.168 -d www.centos.org
> Any idea to achieve it?
> And Also,
> the below rule excludes 1 ip. it works fine.
> iptables -t nat -A PREROUTING -p tcp -m multiport -s ! 192.168.1.9
> --destination-port 80,465,995 -j DNAT --to-destination :3128
> I want to exclude about 4 or 5 ips.
> let's say 192.168.1.11, 192.168.1.19, 192.168.1.20,192.168.1.25
> Is there a way to do it?
> Hope to hear from you.
> Thank you
> Indunil Jayasooriya
> CentOS mailing list
> CentOS at centos.org
More information about the CentOS