gateway newbie questions

ashok Kumar writetoashok at gmail.com
Mon Dec 5 05:38:44 UTC 2005


> /sbin/iptables --flush
> /sbin/iptables --table nat --flush


Above two lines flush all existing rules in iptables.

> /sbin/iptables --delete-chain
> /sbin/iptables --table nat --delete-chain


These two delete any user-defined chains present.

> /sbin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE


This one masquerades the requests going out to the internet through interface
ppp0, which is the dialup interface. Masquerading allows internally connected
computers that don't have registered Internet IP addresses to communicate with
the Internet through the single IP address present.

Refer http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ for more details about
it.


> /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT


This one accepts forwarding of all packets (to other interfaces present, say
ppp0) coming in at the interface eth0 that is connected to the local network.

> echo 1 > /proc/sys/net/ipv4/ip_forward


Enables packet forwarding in the kernel. It can also be set permanently in
/etc/sysctl.conf.

To block a particular machine by its IP address you can add the following
line to iptables.

iptables -A INPUT -s 192.168.0.5 -i eth0 -j DROP

This blocks requests from 192.168.0.5 coming in at interface eth0. I think
this would be sufficient. Try it.

Also refer to http://iptables.org/ for more details about iptables.

--
regards,
Ashok.
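The pieces explained in the post (flush, masquerade on the dialup interface, forward from the LAN, block a single host) fit together into one small script. The following is an added example, not code from the post or from Red Hat; the interface names, the blocked addresses and the function names are assumptions. It differs from the post's rule list in two defender-minded ways: the FORWARD policy is set to DROP so that only the explicitly accepted direction passes, and traffic arriving from the Internet is forwarded back into the LAN only for connections the LAN opened (conntrack state ESTABLISHED,RELATED). Host blocks are emitted before the ACCEPT rules, because iptables evaluates a chain top to bottom and a DROP placed after a matching ACCEPT never fires.

```shell
#!/bin/sh
# Constructed example: assemble and apply a minimal masquerading gateway ruleset.
# Interface names and blocked hosts are passed in; nothing here is site-specific.
IPT=/sbin/iptables

# emit_rules LAN_IF WAN_IF [BLOCKED_IP ...]
# Prints one iptables invocation per line and executes nothing, so the
# ruleset can be reviewed (or tested) before it touches the kernel.
emit_rules() {
    lan="$1"; wan="$2"; shift 2
    # Start from a clean slate, as in the post.
    echo "$IPT --flush"
    echo "$IPT --table nat --flush"
    echo "$IPT --delete-chain"
    echo "$IPT --table nat --delete-chain"
    # Default-deny forwarding: only what is accepted further down gets through.
    echo "$IPT --policy FORWARD DROP"
    # Per-host blocks come first so they win over the broad ACCEPT below.
    for ip in "$@"; do
        echo "$IPT --append INPUT --source $ip --in-interface $lan -j DROP"
        echo "$IPT --append FORWARD --source $ip --in-interface $lan -j DROP"
    done
    # Masquerade everything leaving through the dialup/WAN interface.
    echo "$IPT --table nat --append POSTROUTING --out-interface $wan -j MASQUERADE"
    # LAN -> Internet is allowed outright.
    echo "$IPT --append FORWARD --in-interface $lan --out-interface $wan -j ACCEPT"
    # Internet -> LAN only for replies to connections the LAN initiated.
    echo "$IPT --append FORWARD --in-interface $wan --out-interface $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# apply_rules LAN_IF WAN_IF [BLOCKED_IP ...]
# Runs each emitted command (needs root) and then enables forwarding.
apply_rules() {
    emit_rules "$@" | while read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || exit 1
    done
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Dry run:        emit_rules eth0 ppp0 192.168.0.5
# Apply as root:  apply_rules eth0 ppp0 192.168.0.5
```

Run `emit_rules` first and read the output: the order of the FORWARD rules is what makes the block effective, and a dry run is the cheapest way to see it before locking yourself out of a remote box.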



More information about the redhat-list mailing list