iptables two network interfaces

Discussion in 'Linux Networking' started by kiko, Oct 26, 2012.

  1. kiko

    kiko New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    I'm new to iptables, so I need a little help.

    I have a machine with the following network card configuration:


    eth0 - internal network, 10.x.x.x
    eth1 - wan, static IP address

    I executed the following iptables commands:

    iptables -F
    iptables -A INPUT -i eth1 -j REJECT

    Everything is fine: the machine cannot be pinged at its static IP address over the Internet and is fully reachable from the internal net.

    But when I ping from the machine (ping [some address on the internet]), the address cannot be reached.

    But after

    iptables -F
    ping [some address on the internet]

    the address can be reached.

    What did I do wrong?
  2. scorpio2k2

    scorpio2k2 New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Hello kiko.

    When you enter the iptables -A INPUT -i eth1 -j REJECT command, you reject all incoming packets on eth1 (this also includes the reply to your ping).

    After you enter iptables -F, ping works because you are deleting all iptables rules.

    --flush -F [chain] Delete all rules in chain or all chains

    I hope this helps you.
  3. kiko

    kiko New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Scorpio2k2, Thanks for your answer.

    How can I make a rule that allows my outgoing traffic but rejects all incoming traffic from the Internet? That's really confusing me.
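    One way to do what kiko asks here, as an added example that is not from the thread: let conntrack admit only replies to connections the host itself opened, so eth1 keeps rejecting unsolicited Internet traffic while outgoing pings get their answers back. The interface names come from the first post; the 10.0.0.0/8 prefix and the iptables-restore layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). eth0/eth1 are taken from the first
# post; the LAN prefix is an assumption. Override via environment if needed.
WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-10.0.0.0/8}"

# Emit the ruleset in iptables-restore format. Loading it atomically avoids
# the window where "iptables -F" leaves the host wide open.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always needed
-A INPUT -i lo -j ACCEPT
# replies to connections this host started (the ping replies kiko was losing)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets conntrack cannot associate with any flow
-A INPUT -m conntrack --ctstate INVALID -j DROP
# the internal network stays fully reachable
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
# unsolicited traffic arriving from the Internet is rejected
-A INPUT -i $WAN_IF -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Apply atomically; needs root and iptables-restore. Returns 2 if it cannot run.
apply_ruleset() {
    command -v iptables-restore >/dev/null 2>&1 || return 2
    [ "$(id -u)" -eq 0 ] || return 2
    ruleset | iptables-restore
}

# Self-check of the generated text; no root needed.
check_ruleset() {
    ruleset | grep -q -- '^-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT$' &&
    ruleset | grep -q -- "^-A INPUT -i $WAN_IF -j REJECT" &&
    ruleset | grep -q -- '^:INPUT DROP'
}

case "${1:-}" in
    apply) apply_ruleset ;;
    *) ruleset ;;
esac
```

    Run it with no argument to review the ruleset, then with `apply` as root to load it; `iptables -L -v` afterwards should show the conntrack counters climbing when you ping out.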
  4. Maverick1

    Maverick1 New Member

    Messages:
    24
    Likes Received:
    5
    Trophy Points:
    3
  5. Maverick1

    Maverick1 New Member

    Messages:
    24
    Likes Received:
    5
    Trophy Points:
    3
  6. Cristal Skull

    Cristal Skull Member

    Messages:
    44
    Likes Received:
    23
    Trophy Points:
    8
  7. nixsavy

    nixsavy Member

    Messages:
    65
    Likes Received:
    17
    Trophy Points:
    8
    If you are using a static IP (Internet), block using the IP as the source.
    If you are just looking for web blocking, try using port 80.

    Good Luck :)
