iptables on DLink DSL-502T Modem/Router
anthonys at faredge.com.au
Wed Nov 9 02:04:06 CET 2005
I would personally filter either in the PREROUTING table:
iptables -t nat -I PREROUTING -p tcp -s SOURCEIP -d EXT_INTERFACE --dport PORT -j DNAT --to INTERNALIP:PORT
Or on the FORWARD table:
iptables -I FORWARD -p $PROTO -s $SOURCEIP -d $INTERNALIP --dport $PORTINT -j ACCEPT
This is assuming you have a default rule of drop or deny on your FORWARD table.
Far Edge Technology
w: (02) 8425 1400
From: netfilter-bounces at lists.netfilter.org [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Paul Goodyear
Sent: Tuesday, 8 November 2005 12:47
To: netfilter at lists.netfilter.org
Subject: iptables on DLink DSL-502T Modem/Router
Does iptables version v1.2.6a support forwarding from a source IP?
The reason I ask is that I have a DLink DSL-502T modem router; the router
has Linux on it and is running iptables.
The webadmin for the router does not allow you to create IP filters;
port forwarding is there but not filtering.
I want to allow access to port 3389 from only 1 internet IP address.
Should this work? (18.104.22.168 being an example)
iptables -A INPUT -s 22.214.171.124 -d 192.168.1.2 -p tcp --dport 3389 -j ACCEPT
The router does not allow me to connect in once this rule is in iptables.
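
Added example, not part of either message above: a dry-run script that prints a complete rule set for the goal stated in the question (port 3389 reachable from one Internet address only). Traffic that is DNATed to an internal host traverses FORWARD rather than INPUT, so the filtering is done there. The source address 203.0.113.10, the WAN interface name ppp0, the variable names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: constructed values, not taken from the router in the thread.
SRC_IP="${SRC_IP:-203.0.113.10}"     # assumed: the one Internet host allowed in
WAN_IF="${WAN_IF:-ppp0}"             # assumed: WAN interface name
LAN_HOST="${LAN_HOST:-192.168.1.2}"  # internal host, as in the question
PORT="${PORT:-3389}"                 # forwarded port, as in the question

# Succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# Print the rules. -I inserts at the top of a chain, so the last line
# printed becomes the first rule evaluated. The explicit DROP keeps other
# sources out even if the FORWARD policy is not DROP or another DNAT rule
# already forwards this port for everyone.
build_rules() {
    is_ipv4 "$SRC_IP" && is_ipv4 "$LAN_HOST" || { echo "bad address" >&2; return 1; }
    case $PORT in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    cat <<EOF
iptables -t nat -I PREROUTING -i $WAN_IF -p tcp -s $SRC_IP --dport $PORT -j DNAT --to-destination $LAN_HOST:$PORT
iptables -I FORWARD -i $WAN_IF -p tcp -d $LAN_HOST --dport $PORT -j DROP
iptables -I FORWARD -i $WAN_IF -p tcp -s $SRC_IP -d $LAN_HOST --dport $PORT -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Dry run by default; APPLY=1 pipes the commands to a shell (needs root).
if [ "${APPLY:-0}" = 1 ]; then build_rules | sh -e; else build_rules; fi
```

After applying, `iptables -L FORWARD -n -v` and `iptables -t nat -L PREROUTING -n -v` show per-rule packet counters, which confirm which rule a connection attempt actually hit.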