Subj: Re: IPTables problem
To: alt.os.linux,alt.linux,comp.os.linux
From: Connor Sterner
Date: Mon Jul 19 2004 01:49 pm

"Harry Phillips" wrote in message news:kgvrs1-qn.ln1@free.teranews.com...
> I have a firewall appliance on a client's site that has only basic
> firewall configuration abilities. You can get it to forward a port on
> the external interface to a port on an internal host, that's it. I want
> to restrict who can connect to that port. At the moment anyone on the
> entire Internet can connect in.
>
> What I have is an internal host that runs Linux, and I have configured
> it so that the single NIC has an IP of 192.168.1.1 and an alias of
> 192.168.1.4.
>
> I do not want any restrictions on the first IP. I have tried to
> configure iptables on the server to restrict what hosts can connect to
> port 22 on the second IP by using the following rules:
>
> MYIP="xxx.xxx.xxx.xxx"
> EXT_IF="192.168.1.4"
> iptables -A INPUT -i $EXT_IF -s $MYIP -p tcp --syn --destination-port 22 -j ACCEPT
> iptables -A INPUT -i $EXT_IF -j DROP
>
> It still allows *anyone* to connect to port 22 on the IP address
> 192.168.1.4, why? Is it because the second IP is just an alias?
>
> If I can't get this worked out then I am more than likely going to stick
> in a second NIC to the server and get it to do all the masquerading.
>
> --
> Regards,
> Harry Phillips
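Added example, not part of the thread above: the quoted rules pass an IP address to -i, but -i/-o match an interface name (eth0), so a rule with -i 192.168.1.4 never matches any packet and both the ACCEPT and the DROP are dead; an address on an alias is selected with -d. The script below restricts port 22 on the alias that way and adds a check that catches an address where an interface name is expected. MYIP, the placeholder source address and the assumption that conntrack is available are mine, not the poster's.

```shell
#!/bin/sh
# Restrict new SSH connections to the alias 192.168.1.4 to one trusted source.
# 192.168.1.1 on the same NIC is left untouched because every rule carries -d.
# Set IPTABLES=echo to preview the commands without touching the running firewall.

SSH_ALIAS="192.168.1.4"
MYIP="${MYIP:-203.0.113.10}"   # placeholder trusted source (RFC 5737 documentation range)

apply_ssh_restriction() {
    ipt="${IPTABLES:-iptables}"
    # 1. Let the trusted source open new SSH sessions to the alias address.
    "$ipt" -A INPUT -d "$SSH_ALIAS" -s "$MYIP" -p tcp --syn --dport 22 -j ACCEPT
    # 2. Keep already-established flows to the alias working (stateful match).
    "$ipt" -A INPUT -d "$SSH_ALIAS" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. Drop everything else addressed to the alias; order matters, so this comes last.
    "$ipt" -A INPUT -d "$SSH_ALIAS" -j DROP
}

# Guard against the mistake in the quoted post: a dotted-quad value is an
# address and must go to -s/-d, never to -i/-o. Returns 0 for a plausible
# interface name, 1 otherwise.
is_interface_name() {
    case "$1" in
        "")          return 1 ;;
        *.*.*.*)     return 1 ;;   # looks like an IPv4 address
        *[!A-Za-z0-9_.:-]*) return 1 ;;   # characters no kernel interface name uses
        *)           return 0 ;;
    esac
}

# Example run: refuse to load rules if the interface variable is really an address.
EXT_IF="${EXT_IF:-eth0}"
if is_interface_name "$EXT_IF"; then
    apply_ssh_restriction
else
    echo "EXT_IF='$EXT_IF' is not an interface name; use -d/-s for addresses" >&2
fi
```

Verify the loaded rules afterwards with iptables -L INPUT -n -v --line-numbers and confirm the DROP sits below both ACCEPT lines.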