iptables two network interfaces

Discussion in 'Linux Networking' started by kiko, Oct 26, 2012.

  1. kiko

    kiko Guest

    I'm new to iptables, so I need a little help.

    I have a machine with the following network card configuration:

    eth0 - internal network, 10.x.x.x
    eth1 - wan, static IP address

    I executed the following iptables commands:

    iptables -F
    iptables -A INPUT -i eth1 -j REJECT

    Everything is fine: the machine cannot be pinged at its static IP address over the Internet and is fully reachable from the internal net.

    But when I ping from the machine (ping [some address on the internet]), the address cannot be reached.

    iptables -F
    ping [some address on the internet]

    The address can be reached.

    What did I do wrong?
  2. scorpio2k2

    scorpio2k2 Guest

    hello kiko.

    When you enter the iptables -A INPUT -i eth1 -j REJECT command, you reject all incoming packets on eth1 (this also includes the response to ping).

    After you enter iptables -F, ping works because you are deleting all iptables rules.

    --flush -F [chain] Delete all rules in chain or all chains

    I hope this helps you
  3. kiko

    kiko Guest

    Scorpio2k2, thanks for your answer.

    How can I make a rule that will allow outgoing traffic but reject all incoming traffic from the Internet? That's really confusing me.
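    The following script is an added example illustrating the stateful ruleset that answers kiko's question; it is not code from any post in this thread. It assumes the interface names from the first post (eth0 internal, eth1 WAN) and a kernel with the conntrack match available. The point is rule order: replies to connections the machine itself opened (including ICMP echo replies) are matched as ESTABLISHED,RELATED and accepted before the blanket REJECT on the WAN interface, which is exactly what the single REJECT rule in the first post was missing. The ruleset is emitted in iptables-restore format so it is loaded atomically instead of via a flush followed by individual -A commands.

```shell
#!/bin/sh
# Added example: stateful INPUT policy for a host with an internal NIC and a WAN NIC.
# Assumed interface names (not fixed by the thread beyond eth0/eth1): override via env.
WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"

# Emit the ruleset in iptables-restore(8) format.
# Order matters: the conntrack ACCEPT must precede the WAN REJECT so that
# replies to outbound traffic (TCP, UDP and ICMP echo replies) are let in.
ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $WAN_IF -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Self-check that needs no root: succeeds only when the ESTABLISHED,RELATED
# ACCEPT line comes before the WAN REJECT line in the generated ruleset.
check_order() {
  ruleset | awk -v wan="$WAN_IF" '
    /ESTABLISHED,RELATED/ && /-j ACCEPT/ { acc = NR }
    $0 ~ ("-i " wan " -j REJECT")        { rej = NR }
    END { exit !(acc > 0 && rej > 0 && acc < rej) }'
}

case "${1:-show}" in
  apply) check_order && ruleset | iptables-restore ;;  # needs root; replaces the filter table atomically
  *)     ruleset ;;                                    # default: just print the ruleset for review
esac
```

Run it with no arguments to review the generated rules, and with apply (as root) to load them. With this in place, outbound ping and connections from the machine work, while unsolicited packets arriving on the WAN interface are still rejected; hosts on the internal interface keep full access as before.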
  4. Maverick1

    Maverick1 Guest

  6. nixsavy

    nixsavy Guest

    If you are using a static IP (Internet), block using the IP as the source.
    If you are just looking for web blocking, try using port 80.

    Good Luck :)

