Restricting outside access to certain ports
Chris_Burkhart@aubonpain.com
Fri, 13 Jul 2001 09:42:52 -0400
I'm not sure if iptables can do this, since it doesn't seem to examine any
packets that pass through the FORWARD chain, but maybe I'm just going about
it totally the wrong way.
Basically, our router is set up to direct ALL traffic for our external
subnet to the linux box; it has a static route to hit XXX.XXX.XXX.2 for
everything in the XXX.XXX.XXX subnet. IPTables is configured to do the
following to packets in the FORWARD chain:
$IPT -A FORWARD -d XXX.XXX.XXX.3 -j smtp
$IPT -A FORWARD -d XXX.XXX.XXX.100 -j billing
Here's a piece of the smtp chain:
$IPT -A smtp -p tcp --destination-port 25 -j ACCEPT
....bunch of other commands such as that, with different ports.....
$IPT -A smtp -p icmp -j firewall
$IPT -A smtp -p tcp --syn -j firewall
$IPT -A smtp -p udp -j firewall
Now, the problem is that it passes EVERY packet, regardless of what port
it's on. Does this type of checking work properly in IPTables? Do I need
a second interface on that subnet? Any suggestions would be greatly
appreciated.
Chris Burkhart
Technical Analyst
Au Bon Pain
617-423-2100x1415
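The following is an added example, not part of the post above and not the poster's script. It is a small model of how the filter table walks the FORWARD chain and user-defined chains, loaded with rules shaped like the ones in the post (the XXX.XXX.XXX.2/.3/.100 addresses and the smtp, billing and firewall chain names are taken from the post; a FORWARD policy of ACCEPT, the contents of the firewall chain, and the constructed probe packets are assumptions). It shows the behaviour a practitioner would check first: a user chain that a packet falls off the end of behaves like -j RETURN, so a packet that matches none of the smtp rules (for example a TCP segment to port 80 with ACK set and SYN clear, which neither the --dport 25 rule nor the --syn rule matches) goes back to FORWARD and ends up with the chain policy. A hardened ruleset with the same layout, a DROP policy, an ESTABLISHED state rule and an explicit DROP at the end of each chain is shown beside it.

```python
"""Model of iptables filter-table chain traversal (added example, not the
poster's script). Addresses and chain names follow the post; the FORWARD
policy of ACCEPT, the firewall chain's contents and the probe packets are
assumptions made for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional

TERMINAL = ("ACCEPT", "DROP", "REJECT")


@dataclass
class Packet:
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    syn: bool = False               # SYN set and ACK clear: what --syn matches
    established: bool = False       # conntrack knows the flow (--state ESTABLISHED)


@dataclass
class Rule:
    target: str                     # ACCEPT/DROP/REJECT, RETURN, or a user chain
    dst: Optional[str] = None       # -d
    proto: Optional[str] = None     # -p
    dport: Optional[int] = None     # --dport
    syn: Optional[bool] = None      # --syn (True) or ! --syn (False)
    state: Optional[str] = None     # -m state --state NEW | ESTABLISHED

    def matches(self, p: Packet) -> bool:
        if self.dst is not None and p.dst != self.dst:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.syn is not None and p.syn != self.syn:
            return False
        if self.state == "ESTABLISHED" and not p.established:
            return False
        if self.state == "NEW" and p.established:
            return False
        return True


class FilterTable:
    def __init__(self, forward_policy: str):
        self.policy = forward_policy
        self.chains: Dict[str, List[Rule]] = {"FORWARD": []}

    def append(self, chain: str, rule: Rule) -> None:   # iptables -A <chain> ...
        self.chains.setdefault(chain, []).append(rule)

    def forward_verdict(self, p: Packet) -> str:
        # A packet that reaches the end of the built-in chain gets its policy.
        v = self._walk("FORWARD", p)
        return v if v is not None else self.policy

    def _walk(self, chain: str, p: Packet) -> Optional[str]:
        # None means "fell off the end of this chain". For a user chain that
        # returns to the caller at the rule after the jump, exactly like
        # -j RETURN, so a user chain without a final DROP blocks nothing.
        for r in self.chains.get(chain, []):
            if not r.matches(p):
                continue
            if r.target in TERMINAL:
                return r.target
            if r.target == "RETURN":
                return None
            v = self._walk(r.target, p)
            if v is not None:
                return v
        return None


def posted_ruleset(firewall_drops: bool = True) -> FilterTable:
    """Rules shaped like the post's. Assumed: FORWARD policy ACCEPT, and a
    'firewall' chain that either drops or only logs (and therefore returns)."""
    t = FilterTable("ACCEPT")
    t.append("FORWARD", Rule("smtp", dst="XXX.XXX.XXX.3"))
    t.append("FORWARD", Rule("billing", dst="XXX.XXX.XXX.100"))
    t.append("smtp", Rule("ACCEPT", proto="tcp", dport=25))
    t.append("smtp", Rule("firewall", proto="icmp"))
    t.append("smtp", Rule("firewall", proto="tcp", syn=True))
    t.append("smtp", Rule("firewall", proto="udp"))
    if firewall_drops:
        t.append("firewall", Rule("DROP"))
    return t


def hardened_ruleset() -> FilterTable:
    """Same layout with default deny: policy DROP, replies allowed by
    conntrack state, and every chain ending in an explicit DROP."""
    t = FilterTable("DROP")
    t.append("FORWARD", Rule("ACCEPT", state="ESTABLISHED"))
    t.append("FORWARD", Rule("smtp", dst="XXX.XXX.XXX.3"))
    t.append("FORWARD", Rule("billing", dst="XXX.XXX.XXX.100"))
    t.append("FORWARD", Rule("DROP"))             # hosts with no chain of their own
    t.append("smtp", Rule("ACCEPT", proto="tcp", dport=25, state="NEW"))
    t.append("smtp", Rule("DROP"))                # end-of-chain deny
    t.append("billing", Rule("DROP"))
    return t


# Constructed probes (not from the post): an ACK-only segment to port 80, a
# SYN to a host with no chain, a legitimate SMTP SYN, and a reply packet from
# the mail host to an outside client (203.0.113.7 is a documentation address).
ACK_TO_80 = Packet("XXX.XXX.XXX.3", "tcp", dport=80, syn=False)
SYN_TO_UNLISTED = Packet("XXX.XXX.XXX.50", "tcp", dport=22, syn=True)
SYN_TO_25 = Packet("XXX.XXX.XXX.3", "tcp", dport=25, syn=True)
REPLY_FROM_25 = Packet("203.0.113.7", "tcp", dport=40000, established=True)

if __name__ == "__main__":
    for name, t in (("posted", posted_ruleset()), ("hardened", hardened_ruleset())):
        for p in (ACK_TO_80, SYN_TO_UNLISTED, SYN_TO_25, REPLY_FROM_25):
            print(f"{name:8} {p.proto}/{p.dport} -> {p.dst}: {t.forward_verdict(p)}")
```

Run as-is, the posted layout ACCEPTs the ACK probe and the packet to the unlisted host because both fall through to the FORWARD policy, while the hardened layout DROPs them and still lets the SMTP SYN and the established reply through. On a real box the first line of `iptables -L FORWARD -v -n` shows the chain policy, and the per-rule packet counters show which rule, if any, a test packet actually hit.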