Comments:
<0> I've been trying to use the -j ROUTE target with SNAT, but without much success, iptables -A PREROUTING -t mangle -p tcp --dport 80 -j ROUTE --gw 24.129.185.169
<0> With a SNAT, iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth3 -j SNAT --to-source 24.129.185.170
<0> `tcpdump` shows my internal address on the outgoing packet, though, from `tcpdump -i eth3`
<1> It seems I can use SNAT or ROUTE, but with both, ROUTE wins
<2> I have this rule:
<2> -A OUTPUT -p tcp ! --syn -m state --state NEW -j BADFLAGS
<2> Can I use the ! operator somehow to check on any other interface than the one given?
<2> -A INPUT -i ! eth0 -s x.x.x.x/24 -j ACCEPT ?
<3> -i [!] if
<3> is the format for incoming interface. So yes.
<2> Great! :)
<4> Suppose I try to allow a connection to my machine that uses DROP by default for INPUT and OUTPUT (my machine also needs to answer in the same connection). Should I add a rule to OUTPUT to allow the outgoing packages or do I also cover the outgoing packages when I add a rule to INPUT that uses --ctorigsrc, --ctorigdst, --ctreplsrc and --ctrepldst of conntrack?