[CentOS] Iptables masq traffic limiting
Robert Spangler
mlists at zoominternet.net
Mon Sep 1 05:29:38 UTC 2008
On Sunday 31 August 2008 22:31, Joseph L. Casale wrote:
> >We should be talking live. Why don't you join the #centos-social on
> > freenode so we can chat real time?
>
> Robert,
> Just got back from my trip and reading that Tutorial, it went on to state
> what I now find to be two distinct opposite thoughts. It says at
> http://iptables-tutorial.frozentux.net/chunkyhtml/c962.html that you
> shouldn't filter in the NAT Postrouting chain as some streams of packets
> only have their first packet hit the chain and everything else is
> redirected hence the possibility exists that some packets can miss the
> rule.
>
> It seems the Filter Forward chain is the safest place to limit what gets
> masq'ed so internal clients could only have say port 80/443 but no ftp
> access as an example.

That is correct. The only thing that should hit the NAT chain is what you
have already decided should be allowed out.

--
Regards
Robert

It is not just an adventure. It is my job!!
Linux User #296285 http://counter.li.org
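As an added example (not part of the original message or of the tutorial it cites), this shell function emits an iptables-restore ruleset that makes the allow decision in the filter FORWARD chain and leaves nat POSTROUTING with a single MASQUERADE rule, as the reply describes. The function name, the interface names eth1 (LAN) and eth0 (WAN), and the port list are assumptions.

```shell
#!/bin/sh
# Added example: names and interfaces below are assumptions, not from the thread.
# gen_masq_rules LAN_IF WAN_IF "PORT PORT ..."
# Prints an iptables-restore ruleset on stdout; returns 1 (no output) on bad input.
gen_masq_rules() {
    lan_if=$1 wan_if=$2 ports=$3
    # Restrict interface names so nothing unexpected lands in a rule line.
    for ifname in "$lan_if" "$wan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    dports=
    for p in $ports; do
        # Reject non-numeric, leading-zero and over-long values before comparing.
        case $p in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
        dports=${dports:+$dports,}$p
    done
    [ -n "$dports" ] || { echo "no ports given" >&2; return 1; }

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that were already allowed out.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The policy decision: only new TCP connections to the listed ports leave the LAN.
-A FORWARD -i $lan_if -o $wan_if -p tcp -m multiport --dports $dports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# No port matching here: anything reaching this chain already passed FORWARD.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# When run as a script with arguments, print the ruleset for them.
[ "$#" -eq 0 ] || gen_masq_rules "$@"
```

Loading the output with iptables-restore replaces the current filter and nat tables, so check it with `iptables-restore --test` first. Only TCP ports are handled; clients that resolve names through the gateway also need a DNS rule in FORWARD.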