iptables !!!


iptables !!!

jellad tarek
Before trying NuFW I'd like to try iptables, but I have 2 problems:

I have this case

machine "lan"  ---------------------------------- gateway(+squid) ---------------------   internet
192.168.2.2                                         192.168.2.1 
          
Note: the machine "lan" can access the internet (==> no problem with squid)

*) First problem
1) On the gateway, if I write:
iptables -A OUTPUT -s 192.168.2.0/24 -p tcp  -m state --state NEW,ESTABLISHED -j DROP
==> the machine "lan" can't access the internet, and that's logical
2) But when I write this:
iptables -A OUTPUT -s 192.168.2.2 -p tcp  -m state --state NEW,ESTABLISHED -j DROP
==> the machine "lan" can access the internet!!! Why??

*) Second problem
If I write this (on the gateway):
iptables -A OUTPUT -s 192.168.2.0/24 -p tcp  -m state --state NEW,ESTABLISHED -j DROP
==> the machine "lan" can't access the internet
and when I add --dport 80 like this:
iptables -A OUTPUT -s 192.168.2.0/24 -p tcp  --dport 80  -m state --state NEW,ESTABLISHED -j DROP
==> the machine "lan" can access the internet!!!
Why???
Thanks






_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users
Re: iptables !!!

Vincent Deffontaines-2
Hi,

Sorry but this mailing list is about NuFW, not for Iptables help.
We will help when/if you have problems designing nufw-specific rules, but
you should post pure iptables questions on Netfilter users mailing lists.

Regards,

Vincent


jellad tarek wrote:

> Before trying NuFW I'd like to try iptables, but I have 2 problems:
>
> I have this case
>
> machine "lan"  ---------------------------------- gateway(+squid) ---------------------   internet
> 192.168.2.2                                         192.168.2.1
>
> Note: the machine "lan" can access the internet (==> no problem with squid)
>
> *) First problem
> 1) On the gateway, if I write:
> iptables -A OUTPUT -s 192.168.2.0/24 -p tcp  -m state --state NEW,ESTABLISHED -j DROP
> ==> the machine "lan" can't access the internet, and that's logical
> 2) But when I write this:
> iptables -A OUTPUT -s 192.168.2.2 -p tcp  -m state --state NEW,ESTABLISHED -j DROP
> ==> the machine "lan" can access the internet!!! Why??
>
> *) Second problem
> If I write this (on the gateway):
> iptables -A OUTPUT -s 192.168.2.0/24 -p tcp  -m state --state NEW,ESTABLISHED -j DROP
> ==> the machine "lan" can't access the internet
> and when I add --dport 80 like this:
> iptables -A OUTPUT -s 192.168.2.0/24 -p tcp  --dport 80  -m state --state NEW,ESTABLISHED -j DROP
> ==> the machine "lan" can access the internet!!!
> Why???
> Thanks


--
You know a city is going to become great when you see the elders planting
trees, even though they know they will never enjoy their
shade.

Greek proverb


