DNAT & multiple entries + multiple external addresses

Justin Michael jmichael@web3.fibercitynetworks.net
Sat, 19 Jan 2002 11:04:57 -0500


On Sat, Jan 19, 2002 at 01:09:19PM -0000, arb.comms@btclick.com wrote:
> O.K. guys, a bit of help needed,
> 
> I have a need to let PCAnywhere through the firewall, have managed this in
> DNAT but what I would like to do is bolt the rules down so that I only let
> specific remote computers through. I have three remote sites that require
> access, all have a fixed IP, so how do you write a rule that says
> 
> for this protocol | only allow these three machines to connect | when the
> destination is this server.

Here are the two rules; just combine the -s (source) and -d (destination)
and -p (protocol) --dport (destination port) into one rule for inbound
and then the same with --sport (source port) for the replies.

iptables -I FORWARD -s <remote site> -d <pcanywhereserver> -p tcp \
--dport <pcanywhere port> -j ACCEPT

iptables -I FORWARD -s <pcanywhereserver> -d <remote site> -p tcp \
--sport <pcanywhere port> -m state --state ESTABLISHED -j ACCEPT