$GREEN_DEV is just an arbitrary variable that points to a specific interface such as eth0.

echo $GREEN_DEV

For IPCop users, these variables are listed in /var/ipcop/ethernet/settings

It is good practice to use these variables in your custom scripts.

This is probably my favorite iptables site:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

An old but still useful introduction:
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html

Of course the netfilter site itself:
http://www.netfilter.org/

There are tons of others out there, with some very good example scripts.

Cheers,

Evan Brown wrote:
> Thanx for that Andy, man iptables would be sensible if I had a linux box
> with man installed on it but we don't run linux at all here, I will go
> nose around for man pages on the web. This isn't sarcastic, your help
> with the first part lifted a bit of the veil...
>
> Evan
>> On Wednesday 20 September 2006 13:12, Evan Brown wrote:
>>
>>> "/sbin/iptables -t nat -A PREROUTING -p tcp -i $GREEN_DEV -d 10.1.1.229
>>> --dport 23 -j DNAT --to 192.168.77.2:23 "
>>>
>> 1. -t nat => use the "nat" table
>> 2. -A PREROUTING => Append to the chain "PREROUTING"
>> 3. -p tcp => for the tcp protocol
>> 4. -i $GREEN_DEV => the incoming interface is your green
>>
>> <I have no idea about the colours and such as I never use these appliances
>> with green / red / orange etc>
>>
>> 5. -d 10.1.1.229 => destination is that IP address
>> 6. --dport 23 => on the destination port of 23
>> 7. -j DNAT => jump to the DNAT chain
>> 8. --to 192.168.77.2:23 => send that here
>>
>> So basically ... incoming tcp traffic on the green thingymabobble, that is
>> destined for 10.1.1.229:23 gets shipped to 192.168.77.2:23 before you get to
>> the other chains (PREROUTING is first ... AFAICT).
>>
>>> "/sbin/iptables -A FORWARD -p tcp -i $ORANGE_DEV -d 192.168.77.2 --dport
>>> 23 -j ACCEPT"
>>>
>> And for this one ... I'll let you determine
>>
>> man iptables
>>
>> Andy
>>
>> _______________________________________________
>> clug-talk mailing list
>> [email protected]
>> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
>> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
>> **Please remove these lines when replying
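
Added example, not part of the original thread: one way to follow the advice about using the interface variables in custom scripts, building the thread's two rules from the settings file and refusing to emit anything when a variable is missing or malformed. It assumes the settings file holds plain KEY=value lines; the helper names get_dev and port_forward_rules and the sample interface names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the settings file holds plain
# KEY=value lines (e.g. GREEN_DEV=eth0); get_dev and port_forward_rules are
# hypothetical helper names.

# Print the interface stored under KEY in FILE. Fail if it is missing, empty
# or not a plausible interface name: an unquoted empty $GREEN_DEV would turn
# "-i $GREEN_DEV -d 10.1.1.229" into "-i -d 10.1.1.229".
get_dev() {
    val=$(sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d "'\"")
    case $val in
        ''|*[!A-Za-z0-9._:-]*)
            echo "error: $2 is unset or invalid in $1" >&2
            return 1 ;;
    esac
    printf '%s\n' "$val"
}

# Print (not run) the DNAT rule and the FORWARD rule from the thread.
# Args: settings-file dnat-dev-key forward-dev-key dest-ip inside-ip port
port_forward_rules() {
    in_dev=$(get_dev "$1" "$2") || return 1
    fwd_dev=$(get_dev "$1" "$3") || return 1
    printf '/sbin/iptables -t nat -A PREROUTING -p tcp -i %s -d %s --dport %s -j DNAT --to %s:%s\n' \
        "$in_dev" "$4" "$6" "$5" "$6"
    printf '/sbin/iptables -A FORWARD -p tcp -i %s -d %s --dport %s -j ACCEPT\n' \
        "$fwd_dev" "$5" "$6"
}

# Demo on a constructed settings file (interface names are made up).
demo=$(mktemp)
printf 'GREEN_DEV=eth0\nORANGE_DEV=eth2\n' > "$demo"
port_forward_rules "$demo" GREEN_DEV ORANGE_DEV 10.1.1.229 192.168.77.2 23
rm -f "$demo"
```

The functions only print the rules, so the output can be reviewed before it is applied on the firewall.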

