Iptables NAT forwarding - how to block all but one IP

view full story

http://serverfault.com – I've got a small network, two interfaces, eth1(local, internal range 192.168.150.0/24) and eth0 external, static ip. I wish to set up nat forwarding for the internal network but allow them to only connect to an external server 209.60.x.x and reject connections to all other external ips. How do i only allow forwarding/nat to ip 209.60.x.x ? Edit : Problem fixed with a iptables -I FORWARD -s x.x.x.x -j ACCEPT followed by iptables -P FORWARD DROP rule. (HowTos)

Submitted by u85500 on 03/06/2013 – Made popular on 03/06/2013

Login or register to post comments
Email this page

Stories similar to Iptables NAT forwarding - how to block all but one IP

iptables forwarding rule [closed] 14 weeks 4 days ago

Scenario: I have one ubuntu server with two interfaces eth0 and eth1. eth0 = public ip(external ip...lets say 77.77.77.77) eth1 = intranet network(192.168.1.1)

I would like to forward all incoming traffic on port 2222 on my eth0(meaning all outside traffic that comes to 77.77.77.77) to some ip in my intranet network:192.168.1.8 on port 80.

Current firewall settings look like:

:INPUT ACCEPT

iptables - ip filtering 2 years 29 weeks ago

Hi Gentlemen!

I'm trying to write an iptables config file, but got stuck.

So I want to define an IP range that allows full access eth0-eth1 forwarding, and another that is allowed to access some special ip-s. The first part works, I could make the range has full access:

iptables -A FORWARD -m iprange --src-range 192.168.80.20-192.168.80.40 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -m state

iptables: Internal port forwarding with fwmark and routing tables 20 weeks 16 hours ago

I have 2 servers and I need to forwart to internal port.

To explain I use the server with 2 interfaces (internal/external) as server A and the internal server as server B.

In server A i use

iptables -A PREROUTING -t nat -i $extif -p tcp --dport $extif_port -j DNAT --to-destination $dst_ip:$dst_port" iptables -A FORWARD -t filter -d $dst_ip -j ACCEPT" iptables -A POSTROUTING -t nat -p tcp -s $ds

iptables as gateway and POP3 SMTP ports 1 year 14 weeks ago

when trying to open the ports 110 and 25 in my iptables for outlook-only users, i cant do it except by forwarding as such:

-I FORWARD -i eth0 -s 192.168.1.0/24 -j ACCEPT -I FORWARD -i eth1 -d 192.168.1.0/24 -j ACCEPT

but doing so allows the rest of the users in my lan to bypass my squid proxy.

iptables allow everything from one ip 16 weeks 2 days ago

Here's what I have.

Dual homed FreePBX box. Everything works like a champ. eth0 is external. eth1 is internal. SIP provider is at 216.234.x.x.

I'm trying to configure iptables to allow everything from eth1 and lo.

Can't get port forwarding to work on Ubuntu 38 weeks 3 days ago

I'm using my home server as NAT/router, which works well.

iptables -P FORWARD DROP makes port forwarding slow 39 weeks 5 days ago

I have three computers, linked like this:

box1 (ubuntu) box2 router & gateway (debian) box3 (opensuse) [10.0.1.1] ---- [10.0.1.18,10.0.2.18,10.0.3.18] ---- [10.0.3.15] | box4, www [10.0.2.1]

Among other things I want box2 to do nat and port forwarding, so that I can do

ssh -p 2223 box2

to reach b

iptables question. 28 weeks 11 hours ago

I am setting up a new squid daemon to run on my server. I want to make sure that everyone inside my network can access squid but I want to make sure everyone on the internet is blocked.

[kubuntu] Forwarding ports to other, internal hosts 36 weeks 4 days ago

Here is the setup.

Iptables NAT forwarding - how to block all but one IP

Search

Best published stories

Beautiful linux wallpapers

Tags