iptables modification

Jim Parker fedoralist at parkerhouse.homeunix.org
Mon Nov 8 23:17:45 UTC 2004


So add a "-s 192.168.0.0/32" to that line to specify that it has to come
from that network.  Or you can put a "-i eth1" to specify that it has to
come in on eth1 device.

Jim

-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of Garcia, Steve
Sent: Monday, November 08, 2004 4:55 PM
To: For users of Fedora Core releases
Subject: RE: iptables modification



> Garcia, Steve wrote:
> 
> >Yikes -- I actually DID use the correct port number.  I don't know
where
> that
> >443 came from when I typed my question.  :-0
> >
> >
> >
> >>-----Original Message-----
> >>
> >>Hi,
> >>
> >>I need to poke a hole in the firewall to allow access to a remote
Citrix
> >>(port 1494) server.  I believe I've made the correct change.  I
added
> this
> >>to
> >>/etc/sysconfig/iptables
> >>
> >>-A firewall-chain-name -m state --state NEW -m tcp -p tcp --dport
443 -
> j
> >>ACCEPT
> >>
> >>Other than "does it work", which I'm waiting for the someone to
answer,
> >>I'd
> >>like to see what is going on with iptables and check that this port
> shows
> >>up
> >>as being passed.
> >>
> >>How can I see a summary of what iptables is currently doing?
> >>
> >>Iptables -L -v -n
> >>Didn't give me what I expected -- a list of ports being passed.
> >>
> >>Steve
> >>
> >>
> >>--
> >>fedora-list mailing list
> >>fedora-list at redhat.com
> >>To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> >>
> >>
> >
> >
> >
> It would also be usefull/more secure if you could specify a source IP
> address that the connection can come from.
> 
> Does your "some one" have a static IP address?
> 
> Doug

Yeah, but I'd like it to work for the entire internal masq'd network:
192.168.0





-- 
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list






More information about the fedora-list mailing list