http://bridge.sourceforge.net/devel/bridge-nf/README

and here is an old test script:
"...
$iptables -N in_21
$iptables -N ou_21
#$iptables -A PREROUTING -t mangle -d 192.168.201.21/32 -j MARK --set-mark 1
#$iptables -A PREROUTING -t mangle -s 192.168.201.21/32 -j MARK --set-mark 2

$iptables -A in_21 -p tcp -s 192.168.201.0/24 -d 192.168.201.21/32 --dport 23 -j ACCEPT
$iptables -A ou_21 -p tcp ! --syn -s 192.168.201.21/32 --sport 23 -d 192.168.201.0/24 -j ACCEPT

$iptables -A in_21 -p tcp ! --syn -s 0/0 --sport 22 -d 192.168.201.21/32 -j ACCEPT
$iptables -A ou_21 -p tcp -s 192.168.201.21/32 -d 0/0 --dport 22 -j ACCEPT
$iptables -A in_21 -p tcp -d 192.168.201.21/32 -j ACCEPT
$iptables -A ou_21 -p tcp -j ACCEPT
$iptables -A in_21 -p icmp --icmp-type echo-reply -j ACCEPT
$iptables -A in_21 -p icmp --icmp-type destination-unreachable -j ACCEPT
$iptables -A in_21 -p icmp --icmp-type source-quench -j ACCEPT
$iptables -A in_21 -p icmp --icmp-type time-exceeded -j ACCEPT
$iptables -A in_21 -p icmp --icmp-type parameter-problem -j ACCEPT
$iptables -A in_21 -p icmp -j DROP
$iptables -A ou_21 -p icmp -j ACCEPT
$iptables -A FORWARD -d 192.168.201.21/32 -j in_21
$iptables -A FORWARD -s 192.168.201.21/32 -j ou_21
..."

hope this will help you.

seb

Munday, Merrick wrote:

> In a normal iptables implementation, you are correct. The forward 
> chain is used for any packets passing through the box, while the input 
> and output chains apply to packets from or to the iptables machine 
> itself.  However, I thought that the bridging code would only use a 
> chain that had been given the same name as the bridge, at least under 
> ipchains.
>
> See this link:
> 
>http://www.bnhof.de/~uwe/bridge-stp-howto/BRIDGE-STP-HOWTO/advanced-bridge.html#IPCHAINS
>
> Has this changed with iptables?  Or has the bridging code itself changed?
>
>
> -----Original Message-----
> From: sebastien Robart [ mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 10:28 AM
> To: 'SinChanKeppel'
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Bridge] iptables
>
>
> -A forward, not input, I think.
>
> seb
>

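The test script quoted in seb's reply above builds one pair of per-host chains by hand and ends with a broad "-p tcp -j ACCEPT". The script below is an added example, not code from the original post or from the bridge-nf project: it wraps the same idea (bridged traffic for a host traverses the iptables FORWARD chain under bridge-nf, so the host gets an inbound and an outbound chain hung off FORWARD) in a reusable function, replaces the "! --syn" heuristic with the conntrack state match (assumes the ip_conntrack/state match is available), and finishes each chain with LOG and DROP instead of a wide-open accept. The host address 192.168.201.21/32, the LAN 192.168.201.0/24 and the chain suffix 21 are constructed sample values; by default the script only prints the commands (dry run), so it can be reviewed before being applied with IPTABLES=/sbin/iptables.

```shell
#!/bin/sh
# Added example (not from the original mailing-list post or the bridge-nf
# project): generate per-host FORWARD rules for a bridged firewall running
# bridge-nf, where bridged IP traffic traverses the iptables FORWARD chain.
# Dry run by default: IPTABLES is "echo iptables" unless overridden, so the
# commands are printed rather than applied. Run as IPTABLES=/sbin/iptables
# (as root) to load them for real.

: "${IPTABLES:=echo iptables}"

# build_host_rules HOST LAN SUFFIX
# Creates in_SUFFIX / ou_SUFFIX chains for HOST: telnet from LAN into HOST,
# ssh from HOST to anywhere, a small set of ICMP reply/error types toward
# HOST, and a logged DROP for everything else. Assumes the conntrack state
# match is loaded (stateful replacement for the original "! --syn" rules).
build_host_rules() {
    host=$1; lan=$2; sfx=$3
    in_chain="in_$sfx"; out_chain="ou_$sfx"

    $IPTABLES -N "$in_chain"
    $IPTABLES -N "$out_chain"

    # Packets belonging to connections already admitted in either direction.
    $IPTABLES -A "$in_chain"  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A "$out_chain" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New telnet sessions from the LAN into the host.
    $IPTABLES -A "$in_chain" -p tcp --syn -s "$lan" -d "$host" --dport 23 -j ACCEPT
    # New ssh sessions from the host out to anywhere.
    $IPTABLES -A "$out_chain" -p tcp --syn -s "$host" --dport 22 -j ACCEPT

    # ICMP types a host needs to receive for normal TCP/IP operation.
    for t in echo-reply destination-unreachable source-quench time-exceeded parameter-problem; do
        $IPTABLES -A "$in_chain" -p icmp --icmp-type "$t" -j ACCEPT
    done
    $IPTABLES -A "$out_chain" -p icmp -j ACCEPT

    # Default for anything else: log it, then drop it (no broad "-p tcp -j ACCEPT").
    $IPTABLES -A "$in_chain"  -j LOG --log-prefix "BRIDGE-IN-$sfx: "
    $IPTABLES -A "$in_chain"  -j DROP
    $IPTABLES -A "$out_chain" -j LOG --log-prefix "BRIDGE-OUT-$sfx: "
    $IPTABLES -A "$out_chain" -j DROP

    # Bridged frames for the host pass through FORWARD, not INPUT/OUTPUT.
    $IPTABLES -A FORWARD -d "$host" -j "$in_chain"
    $IPTABLES -A FORWARD -s "$host" -j "$out_chain"
}

# count_forward_jumps HOST LAN SUFFIX
# Self-check helper: how many FORWARD rules the generator emits for one host
# (expected: exactly two, one per direction).
count_forward_jumps() {
    build_host_rules "$@" | grep -c '^iptables -A FORWARD '
}

# Sample invocation with constructed addresses (prints the ruleset in dry-run mode).
build_host_rules 192.168.201.21/32 192.168.201.0/24 21
```

Because the generator is a function, the same ruleset can be produced for several bridged hosts by calling it once per host with a different suffix, and the dry-run output can be diffed against the running ruleset (iptables -S FORWARD) to confirm that every host has exactly its two FORWARD jumps and nothing more.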

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge