Subj : IPTables problem
To : alt.os.linux,alt.linux,comp.os.linux
From : Harry Phillips
Date : Mon Jul 19 2004 03:31 pm

I have a firewall appliance on a client's site that has only basic firewall configuration abilities. You can get it to forward a port on the external interface to a port on an internal host, that's it. I want to restrict who can connect to that port. At the moment anyone on the entire Internet can connect in.

What I have is an internal host that runs Linux, and I have configured it so that the single NIC has an IP of 192.168.1.1 and an alias of 192.168.1.4. I do not want any restrictions on the first IP.

I have tried to configure iptables on the server to restrict what hosts can connect to port 22 on the second IP by using the following rules:

    MYIP="xxx.xxx.xxx.xxx"
    EXT_IF="192.168.1.4"
    iptables -A INPUT -i $EXT_IF -s $MYIP -p tcp --syn --destination-port 22 -j ACCEPT
    $IPTABLES -A INPUT -i $EXT_IF -j DROP

It still allows *anyone* to connect to port 22 on the IP address 192.168.1.4, why? Is it because the second IP is just an alias?

If I can't get this worked out then I am more than likely going to stick a second NIC in the server and get it to do all the masquerading.

--
Regards,
Harry Phillips
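Added example (the editor's, not the poster's): the same restriction written so that the aliased address is matched by destination (`-d`), since `-i` takes an interface name rather than an address, together with a small lint that flags that mistake. The interface name `eth0` and the allowed client `203.0.113.10` are assumptions; the `IPTABLES` variable is set to the binary so the DROP rule is actually executed.

```shell
#!/bin/sh
# Restrict SSH on the aliased address 192.168.1.4 to one source host while
# leaving 192.168.1.1 untouched. Differences from the posted rules:
#  * -i/-o match an interface NAME (eth0); an alias is matched with -d ADDRESS
#  * the posted DROP line used $IPTABLES, which was never set, so it never ran
#  * DROP only SSH traffic addressed to the alias, so the primary IP is unaffected
set -eu

IPTABLES=${IPTABLES:-iptables}   # the iptables binary; override for dry runs
EXT_IF="eth0"                     # real interface name (assumption)
ALIAS_IP="192.168.1.4"            # aliased address the appliance forwards to
MYIP="203.0.113.10"               # constructed placeholder for the allowed client

# Print the rules as they would be applied (apply_rules runs them).
ssh_alias_rules() {
    cat <<EOF
$IPTABLES -A INPUT -i $EXT_IF -d $ALIAS_IP -s $MYIP -p tcp --syn --dport 22 -j ACCEPT
$IPTABLES -A INPUT -i $EXT_IF -d $ALIAS_IP -p tcp --syn --dport 22 -j DROP
EOF
}

apply_rules() {
    ssh_alias_rules | sh -ex
}

# Return 1 when a rule hands an IPv4 address to -i or -o (the mistake in the
# post): such a rule silently matches nothing because no interface has that name.
lint_rule() {
    case "$1" in
        *" -i "[0-9]*.[0-9]*.[0-9]*.[0-9]*|*" -o "[0-9]*.[0-9]*.[0-9]*.[0-9]*)
            echo "interface match given an address instead of a name: $1" >&2
            return 1 ;;
    esac
    return 0
}
```

Run `ssh_alias_rules` first to review the generated commands, then `apply_rules` as root; `iptables -S INPUT` afterwards should list both rules with `-d 192.168.1.4/32`.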