iptables on DLink DSL-502T Modem/Router

Anthony Sadler anthonys at faredge.com.au
Wed Nov 9 02:04:06 CET 2005


I would personally filter either in the PREROUTING table:
iptables -t nat -I PREROUTING -p tcp -s SOURCEIP -d EXT_INTERFACE --dport PORT -j DNAT --to INTERNALIP:PORT
Or on the FORWARD table:
iptables -I FORWARD -p $PROTO -s $SOURCEIP -d $INTERNALIP --dport $PORTINT -j ACCEPT

This is assuming you have a default rule of drop or deny on your FORWARD table.

Anthony Sadler
Far Edge Technology
w: (02) 8425 1400
 
-----Original Message-----
From: netfilter-bounces at lists.netfilter.org [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Paul Goodyear
Sent: Tuesday, 8 November 2005 12:47 
To: netfilter at lists.netfilter.org
Subject: iptables on DLink DSL-502T Modem/Router

Hi all,

Does iptables version v1.2.6a support forwarding from a source IP?

The reason I ask is that I have a DLink DSL-502T modem router; the router
has Linux on it and is running iptables.

The webadmin for the router does not allow you to create IP filters;
port forwarding is there but not filtering.

I want to allow access to port 3389 from only 1 internet IP address.
Should this work? (81.81.81.81 being an example)

iptables -A INPUT -s 81.81.81.81 -d 192.168.1.2 -p tcp --dport 3389 -j ACCEPT

The router does not allow me to connect in once this rule is in iptables.

Thanks.

Paul.
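
The two rules from the reply combined with input checks, as an added example that is not part of the original thread or either poster's own commands. It prints the iptables commands rather than running them; the function names and the external address 203.0.113.10 are assumptions, while 81.81.81.81, 192.168.1.2 and port 3389 come from the question.

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables commands for a
# port-forward restricted to one source address. Names are illustrative.

valid_ipv4() {
    # Only digits and dots; no empty, leading, trailing or doubled separators.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*) return 1 ;; esac   # more than 3 digits
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

restricted_forward_rules() {
    src=$1 ext=$2 int=$3 port=$4
    for ip in "$src" "$ext" "$int"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    # Rule 1 (nat/PREROUTING): rewrite the destination only for the allowed source.
    # Rule 2 (FORWARD): after DNAT the packet is routed on to the LAN host, so it
    #   is filtered in FORWARD; INPUT only sees traffic addressed to the router.
    # Rule 3 (FORWARD): explicit drop for every other source, so the result does
    #   not depend on the chain's default policy (an addition to the reply).
    cat <<EOF
iptables -t nat -I PREROUTING -p tcp -s ${src} -d ${ext} --dport ${port} -j DNAT --to-destination ${int}:${port}
iptables -I FORWARD 1 -p tcp -s ${src} -d ${int} --dport ${port} -j ACCEPT
iptables -I FORWARD 2 -p tcp -d ${int} --dport ${port} -j DROP
EOF
}

# Constructed sample run: 203.0.113.10 stands in for the router's external address.
restricted_forward_rules 81.81.81.81 203.0.113.10 192.168.1.2 3389
```

If the FORWARD chain has a DROP policy, reply packets from 192.168.1.2 back to the allowed source also need an ACCEPT rule.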




