Re: [SLUG] Correction: firewall hole for ssh

From: Matt (mmiller1@mptotalcare.com)
Date: Thu Aug 22 2002 - 09:31:20 EDT
> On Wed, 2002-08-21 at 23:10, Larry Sanders wrote:
> > Following this is the iptables rules that I have been using.
> > Notice the wonderful credit given to Derek for his help.
> > I like the fact that any traffic from the outside is dropped.
> > I have a need to allow ssh traffic in for file transfer.
> > Joe suggested that I use port 222 and RSA keys for
> > authentication to login.
> > What additions to this file will be needed to allow this
> > traffic on port 222?
> > Thanks in Advance
> > Larry :-)
>
> /sbin/iptables -A INPUT -i eth0 -s 0/0 -d 192.168.49.0/24 -p tcp \
> --dport 222 -j ACCEPT
> # Accept connections from the outside world to the internal network on
> # port 222
> /sbin/iptables -A INPUT -i eth0 -s 0/0 -d 192.168.49.0/24 -j LOG \
> --log-prefix="EXT-INT DROP: "
> /sbin/iptables -A INPUT -i eth0 -s 0/0 -d 192.168.49.0/24 -j DROP
> # Log and drop packets for any other destination port not specified
> # above
>

Small Correction:
Replace eth0 with eth1 in the lines above since eth1 is your external
interface:

/sbin/iptables -A INPUT -i eth1 -s 0/0 -d 192.168.49.0/24 -p tcp \
--dport 222 -j ACCEPT
# Accept connections from the outside world to the internal network on
# port 222
/sbin/iptables -A INPUT -i eth1 -s 0/0 -d 192.168.49.0/24 -j LOG \
--log-prefix="EXT-INT DROP: "
/sbin/iptables -A INPUT -i eth1 -s 0/0 -d 192.168.49.0/24 -j DROP
# Log and drop packets for any other destination port not specified
# above

-- 
Matt Miller
Systems Administrator
MP TotalCare
gpg public key id: 08BC7B06
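As an added example (not part of the thread), a small Python parser for the kernel log lines that the LOG rule above writes with its "EXT-INT DROP: " prefix. The sample log lines are constructed; the field layout (IN= OUT= SRC= DST= PROTO= SPT= DPT=) is the one the iptables LOG target produces. Besides summarising what the external interface is dropping, it flags drops on the SSH port the ACCEPT rule is supposed to pass, which is the symptom you see when that rule names the wrong interface.

```python
import re
from collections import Counter

# Constructed sample of kernel log lines in the shape the iptables LOG target
# emits for the rule with --log-prefix "EXT-INT DROP: " (not real traffic).
SAMPLE_LOG = """\
Aug 22 09:31:20 gw kernel: EXT-INT DROP: IN=eth1 OUT= SRC=203.0.113.5 DST=192.168.49.10 LEN=60 TTL=50 PROTO=TCP SPT=40000 DPT=23 SYN
Aug 22 09:31:22 gw kernel: EXT-INT DROP: IN=eth1 OUT= SRC=203.0.113.5 DST=192.168.49.10 LEN=60 TTL=50 PROTO=TCP SPT=40001 DPT=22 SYN
Aug 22 09:31:25 gw kernel: EXT-INT DROP: IN=eth1 OUT= SRC=198.51.100.7 DST=192.168.49.20 LEN=28 TTL=60 PROTO=UDP SPT=5353 DPT=5353 LEN=8
Aug 22 09:31:31 gw kernel: EXT-INT DROP: IN=eth1 OUT= SRC=203.0.113.5 DST=192.168.49.10 LEN=60 TTL=50 PROTO=TCP SPT=40002 DPT=222 SYN
Aug 22 09:31:40 gw kernel: eth1: link is up
"""

LOG_PREFIX = "EXT-INT DROP: "          # must match the --log-prefix in the rule
KV_RE = re.compile(r"(\w+)=(\S*)")     # key=value tokens; bare flags (SYN, DF) are skipped


def parse_drop_line(line):
    """Return the LOG target's key=value fields as a dict, or None when the
    line was not written by the EXT-INT DROP rule or lacks the core fields."""
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None
    fields = dict(KV_RE.findall(line[idx + len(LOG_PREFIX):]))
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    return fields


def summarize_drops(lines):
    """Count dropped packets per (source address, protocol, destination port)."""
    counts = Counter()
    for fields in filter(None, map(parse_drop_line, lines)):
        counts[(fields["SRC"], fields["PROTO"], fields.get("DPT", "-"))] += 1
    return counts


def misrouted_ssh_drops(lines, port="222"):
    """Dropped TCP packets for the port the ACCEPT rule is meant to pass.
    Any hit means the ACCEPT rule did not match, e.g. it names eth0 while the
    traffic arrives on eth1, or it sits after the DROP rule."""
    return [f for f in map(parse_drop_line, lines)
            if f and f["PROTO"] == "TCP" and f.get("DPT") == port]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for (src, proto, dport), n in summarize_drops(lines).most_common():
        print(f"{n:4d}  {src:15s} {proto:4s} dport {dport}")
    for f in misrouted_ssh_drops(lines):
        print(f"WARNING: SSH port dropped from {f['SRC']} on {f['IN']}; check the ACCEPT rule")
```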

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:48:21 EDT