Subj : Re: IPTables problem
To : alt.os.linux,alt.linux,comp.os.linux
From : jack
Date : Mon Jul 19 2004 11:38 am

Harry Phillips wrote:
> I do not want any restrictions on the first IP. I have tried to
> configure iptables on the server to restrict what hosts can connect to
> port 22 on the second IP by using the following rules:
>
> MYIP="xxx.xxx.xxx.xxx"
> EXT_IF="192.168.1.4"
> iptables -A INPUT -i $EXT_IF -s $MYIP -p tcp --syn --destination-port 22 -j ACCEPT
> iptables -A INPUT -i $EXT_IF -j DROP
>
> It still allows *anyone* to connect to port 22 on the IP address
> 192.168.1.4, why? Is it because the second IP is just an alias?

You should use the "-i" option with an IF name, like "eth1:0" or similar.
If You want to use IP addresses, try "-d $EXT_IF".

- Note that You do not really refer to any "IF" with "$EXT_IF", but to an
IP, so "EXT_IP" would be a better name for that variable.

Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"... .
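One way to restrict SSH on the aliased address as the thread discusses, as an added example that is not from either poster: the rules match the secondary address with -d (the only thing -i accepts is an interface name), keep established sessions working, and a small check refuses to proceed if an address-looking value was put where an interface name belongs. The allowed-host address, variable names and script layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Restrict new SSH connections
# to the aliased address EXT_IP so only MY_IP may open them.
MY_IP="203.0.113.10"   # constructed: the single host allowed to reach SSH
EXT_IP="192.168.1.4"   # the aliased address from the post

# Return 0 if $1 is a dotted-quad IPv4 address, 1 otherwise. Used to catch
# the mistake in the thread: an address being handed to -i, or a non-address
# being handed to -d/-s.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Emit the rule set for one aliased address ($1) and one allowed host ($2).
# Order matters: established traffic first, then the single allowed source,
# then a drop for every other new SSH attempt to that address.
ssh_rules() {
    printf '%s\n' \
      "iptables -A INPUT -d $1 -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -A INPUT -d $1 -s $2 -p tcp --syn --dport 22 -j ACCEPT" \
      "iptables -A INPUT -d $1 -p tcp --dport 22 -j DROP"
}

# Print the rules; with APPLY=1 (as root) execute them instead.
main() {
    if ! is_ipv4 "$EXT_IP" || ! is_ipv4 "$MY_IP"; then
        echo "EXT_IP and MY_IP must be IPv4 addresses (they go to -d/-s, never -i)" >&2
        return 1
    fi
    ssh_rules "$EXT_IP" "$MY_IP" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}
main
```

Running it without APPLY=1 only prints the three commands, which is the safe way to review the rule order before loading it.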