NAT and reject rule
Anish Mathew
nedumannilanish at yahoo.co.uk
Fri Aug 19 10:58:02 UTC 2005
Try this.
For your situation the packet hits the chains in this
way:
1. Mangle Prerouting
2. Nat Prerouting
< here the routing decision is made. Since this packet
is to be forwarded it goes to >
3. Mangle Forward
4. Filter Forward
5. Mangle Postrouting
6. Nat Postrouting
<out of the box>
Since you configured the rule in the INPUT chain of the filter
table, the packet never reached it.
So you can add it in any of the previous chains
depending on your requirement.
E.g.
iptables -A FORWARD -s 10.10.16.x -d 200.100.100.67 -p all -i eth1 -j DROP
For this you should not have any rules above in this
chain or any rules in PREROUTING that accept this
connection.
Regards
Anish
--- Rezk Mekhael <Rezk at CLUnet.edu> wrote:
> Hi, Manager
>
>
> I have a server with 2 cards
>
> eth1: 10.10.16.X internal
> eth0: 200.100.X.X external
>
> I am using a NAT rule, I need an example for
>
> "any traffic coming from 10.10.16.x is NOT allowed
> to go to the server
> 200.100.100.67, but can still do everything else"
>
> Any idea?
>
> I tried to use this
> "iptables -A INPUT -p all -d 200.100.100.67 -i eth1 -j DROP"
>
> but it did not work
>
>
>
> --
> Sincerely,
> Rezk Mekhael
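The chain traversal described in the reply above, as an added example that is not part of the original thread: a small shell model of the routing decision that picks the filter chain able to see the packet and prints the matching rule. The helper names, the firewall's own addresses in LOCAL_ADDRS and the /24 mask are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original thread). Values marked "constructed"
# are assumptions; the hook order follows the list in the reply above.

# Addresses owned by the firewall itself (constructed sample values).
LOCAL_ADDRS="10.10.16.1 200.100.100.1"

# Print the table/chain hooks, in order, for a packet arriving with
# destination $1. The routing decision after nat/PREROUTING picks the branch.
path_for() {
    for a in $LOCAL_ADDRS; do
        if [ "$a" = "$1" ]; then
            echo "mangle/PREROUTING nat/PREROUTING mangle/INPUT filter/INPUT"
            return 0
        fi
    done
    echo "mangle/PREROUTING nat/PREROUTING mangle/FORWARD filter/FORWARD mangle/POSTROUTING nat/POSTROUTING"
}

# Succeed if a rule in table/chain $1 can ever see a packet destined to $2.
rule_sees() {
    case " $(path_for "$2") " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the command by default; set DRY_RUN=0 to execute it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Block src $1 -> dst $2 arriving on interface $3. "-I <chain> 1" puts the
# rule first, so no earlier ACCEPT in the same chain can match before it.
block() {
    for chain in INPUT FORWARD; do
        if rule_sees "filter/$chain" "$2"; then
            run iptables -I "$chain" 1 -s "$1" -d "$2" -i "$3" -j DROP
            return 0
        fi
    done
}

# The /24 mask is constructed; the thread only gives 10.10.16.x.
block 10.10.16.0/24 200.100.100.67 eth1
```

Source NAT happens in nat/POSTROUTING, after filter/FORWARD, so the -s match in FORWARD still sees the original 10.10.16.x address.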