  1. #1
    Just Joined!
    Join Date
    Jul 2006
    Posts
    13

    Help me review my iptables config


    Hi to all,
    I worked a lot on my iptables config, could you check if it makes sense or it's broken?
    LINK
    Here are a few problems I had:
    How do you specify many addresses as sources?
    I tried:
    -s 192.168.20, 192.168.30
    I don't think it will work... What's the official way to do this?
    I found with ports it was easy to do with:
    -p tcp -m multiport --dport 137, 138, 139
    is there something similar?

    Also, if I'm on the LAN, and I try to access a service that's available from the Internet using the Internet IP address, it won't work. Like, if I host something on my 192.168.0.2:81 web server, it works only if I access it using the LAN IP address or using the Internet IP address from another building.

    Also, where should I add prioritizations? Is this done in iptables? Also, where can I specify bandwidth throttling by port and time of day/day of month?

    How can I improve security and performance of the networks?

  2. #2
    Just Joined!
    Join Date
    Aug 2006
    Posts
    4
    How do you specify many addresses as sources?
    I tried:
    -s 192.168.20, 192.168.30
    I don't think it will work... What's the official way to do this?
    I believe the syntax is like:
    -s 192.168.0.0/16 -- everything on 192.168.x.x
    or -s 192.168.20.0/24 -- everything on 192.168.20.x

  3. #3
    Just Joined!
    Join Date
    Jul 2006
    Posts
    13
    This selects the complete subnet. How would you go around selecting only a few non-contiguous addresses?

  5. #4
    Just Joined!
    Join Date
    Aug 2006
    Posts
    4
    As far as I know, you would have to create a new rule for each unique IP.

  6. #5
    Linux Newbie framp's Avatar
    Join Date
    Jul 2006
    Location
    Stuttgart, Germany
    Posts
    240
    man iptables gives
    Code:
    -s, --source [!] address[/mask]
                  Source  specification.   Address can be either a network name, a hostname (please note that specifying any
                  name to be resolved with a remote query such as DNS is a really bad idea),  a  network  IP  address  (with
                  /mask),  or  a  plain IP address.  The mask can be either a network mask or a plain number, specifying the
                  number of 1's at the left side of the network mask.  Thus, a mask of 24 is equivalent to 255.255.255.0.  A
                  "!" argument before the address specification inverts the sense of the address. The flag --src is an alias
                  for this option.
    Thus you have to define every individual IP address in one dedicated rule.
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds
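One way to turn a list of non-contiguous source addresses into the one-rule-per-address set that the man page excerpt above implies, written here as an added example (not code posted by anyone in the thread); the chain name, addresses and ports are constructed sample values, and the script prints the commands rather than running them.

```shell
#!/bin/sh
# Added example, not from the thread: iptables takes exactly one -s per rule,
# so a list of non-contiguous sources becomes one rule per address. The
# generator prints the iptables commands so the ruleset can be reviewed
# before it is applied. All addresses and ports below are constructed.

# Accept "a.b.c.d" or "a.b.c.d/nn" only; something like the bare "192.168.20"
# from the question is not a complete IPv4 address and is rejected.
valid_ipv4_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    ip=${1%%/*}
    oldifs=$IFS; IFS=.
    set -- $ip          # split the address into its four octets
    IFS=$oldifs
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Usage: build_source_rules CHAIN "addr1,addr2,..." "port1,port2,..." TARGET
# Emits one rule per source. The port list goes into a single multiport
# match and must be comma separated WITHOUT spaces: with spaces the shell
# would hand iptables several separate arguments.
build_source_rules() {
    chain=$1; sources=$2; ports=$3; target=$4
    ports=$(echo "$ports" | tr -d ' ')
    echo "$sources" | tr -d ' ' | tr ',' '\n' | while read -r src; do
        [ -n "$src" ] || continue
        if ! valid_ipv4_cidr "$src"; then
            echo "# skipped invalid source: $src"
            continue
        fi
        echo "iptables -A $chain -s $src -p tcp -m multiport --dports $ports -j $target"
    done
}

# Example run with constructed values (the last source is deliberately malformed):
build_source_rules INPUT "192.168.20.5, 192.168.30.7, 192.168.20" "137, 138, 139" ACCEPT
```

Pipe the output into `sh` only after reading it; the `# skipped` lines are comments and are ignored by the shell.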
