Difference between revisions of "Iptables quick guide"
From thelinuxwiki
(→NAT) |
|||
| Line 22: | Line 22: | ||
'''hide nat behind and interface''' | '''hide nat behind and interface''' | ||
iptables -t nat -A POSTROUTING -o tun0 -s 192.168.1.0/24 -j MASQUERADE | iptables -t nat -A POSTROUTING -o tun0 -s 192.168.1.0/24 -j MASQUERADE | ||
| + | |||
| + | '''destination NAT''' | ||
| + | iptables -t nat -A PREROUTING -d 1.1.1.10 -j DNAT --to-destination 192.168.1.228 | ||
== saving rules for reload on reboot == | == saving rules for reload on reboot == | ||
Revision as of 18:53, 8 October 2013
http://www.linode.com/wiki/index.php/Netfilter_IPTables_Mini_Howto
Contents |
Changing the default policy in iptables
iptables -P INPUT DROP
allow outbound rsync and insert rule at the top of the chain
iptables -I OUTPUT -p tcp -d 1.1.1.1 --dport 873 -j ACCEPT
allow muliple ports example
iptables -I OUTPUT -p tcp -d 1.1.1.1 --dport 1024:65535 -j ACCEPT
IP range example
iptables -A INPUT -p tcp --dport 22 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT
NAT
show nat rules
iptables -L -t nat
hide nat behind and interface
iptables -t nat -A POSTROUTING -o tun0 -s 192.168.1.0/24 -j MASQUERADE
destination NAT
iptables -t nat -A PREROUTING -d 1.1.1.10 -j DNAT --to-destination 192.168.1.228
saving rules for reload on reboot
on fedora 17
iptables-save > /etc/sysconfig/iptables
