iptables two network interfaces

kiko
I'm new to iptables, so I need a little help.

I have a machine with the following network card configuration:

eth0 - internal network, 10.x.x.x
eth1 - wan, static IP address

I executed the following iptables commands:

iptables -F
iptables -A INPUT -i eth1 -j REJECT

Everything is fine: the machine cannot be pinged by its static IP address over the Internet and is fully reachable from the internal net.

But when I ping from the machine (ping [some address on the internet]) the address cannot be reached.

but

iptables -F
ping [some address on the internet]

the address can be reached.

What did I do wrong?
 


Hello kiko.

When you enter the iptables -A INPUT -i eth1 -j REJECT command, you reject all incoming packets on eth1 (this also includes the response to your ping).


After you enter iptables -F, ping works because you are deleting all iptables rules.

--flush -F [chain] Delete all rules in chain or all chains

I hope this helps you.
 
Scorpio2k2, thanks for your answer.

How can I make a rule that allows outgoing traffic but rejects all incoming traffic from the Internet? That's really confusing me.
 
If you are using a static IP (Internet), block using the IP as the source.
If you are just looking for web blocking, try using port 80.

Good Luck :)
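The mechanism Scorpio2k2 describes (the blanket REJECT on eth1 also eats the echo replies to kiko's own outgoing pings) and kiko's follow-up question (allow outgoing traffic, reject everything unsolicited from the WAN) as one added example. This is not code from the thread or from any of the posters. It assumes the interface names from the question (eth1 = WAN), root privileges for the apply step, and a kernel with the conntrack match, which is standard today (very old systems spell it `-m state --state`). The fix is ordering: iptables walks INPUT top down and the first matching rule decides, so an ACCEPT for ESTABLISHED,RELATED traffic has to sit above the REJECT.

```shell
#!/bin/sh
# Added example, not from the thread. Stateful version of kiko's two-interface
# setup: eth0 = LAN (10.x.x.x), eth1 = WAN with a static address (names taken
# from the question). Needs the conntrack match, standard on current kernels.
set -u

# Print the ruleset instead of applying it, so it can be reviewed (and tested)
# before it is run as root. The ESTABLISHED,RELATED accept is placed above the
# interface-wide REJECT; otherwise replies to the box's own outbound traffic
# (ping echo replies, DNS answers, TCP responses) are rejected on arrival.
emit_rules() {
  wan="$1"
  cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ${wan} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ${wan} -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i ${wan} -j REJECT
EOF
}

# 1-based line number of the first emitted rule matching a pattern; prints 0
# when the pattern is absent. Lets a reviewer check ordering without root.
rule_position() {
  wan="$1"; pattern="$2"
  emit_rules "$wan" | grep -n -- "$pattern" | head -n 1 | cut -d: -f1 | grep . || echo 0
}

# Succeeds (exit 0) only when the stateful accept precedes the REJECT, i.e. the
# ruleset will not shadow its own return traffic.
check_order() {
  accept=$(rule_position "$1" 'ESTABLISHED,RELATED')
  reject=$(rule_position "$1" '-j REJECT')
  [ "$accept" -gt 0 ] && [ "$reject" -gt 0 ] && [ "$accept" -lt "$reject" ]
}

# Apply for real (requires root). Refuses to load a mis-ordered ruleset.
apply_rules() {
  check_order "$1" || { echo "refusing: REJECT would shadow the stateful accept" >&2; return 1; }
  emit_rules "$1" | sh -e
}

# Usage: sh stateful-input.sh              -> print the ruleset for eth1
#        sh stateful-input.sh apply eth1   -> load it (as root)
if [ "${1:-}" = "apply" ]; then
  apply_rules "${2:-eth1}"
else
  emit_rules "${2:-eth1}"
fi
```

After loading it, `iptables -L INPUT -v -n --line-numbers` shows the order, and a ping from the box to an Internet host works because conntrack classifies the echo reply as ESTABLISHED. Two caveats: REJECT still answers a probe with an ICMP error, so the host is not invisible from the WAN; make the last rule DROP if silence is the goal. And `iptables -F` with no chain name, as used in the question, flushes FORWARD and OUTPUT too, which is why the example flushes only INPUT.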
 
