Re: [Nufw-users] iptables !!!
From: Vincent Deffontaines
Subject: Re: [Nufw-users] iptables !!!
Date: Tue, 22 May 2007 17:20:45 +0200 (CEST)
User-agent: SquirrelMail/1.4.10a
Hi,
Sorry but this mailing list is about NuFW, not for Iptables help.
We will help when/if you have problems designing nufw-specific rules, but
you should post pure iptables questions on Netfilter users mailing lists.
Regards,
Vincent
jellad tarek wrote:
> Before trying NuFW I'd like to try iptables, but I have 2 problems:
>
> I have this case
>
> machine "lan" ---------------- gateway(+squid) ---------------- internet
> 192.168.2.2                    192.168.2.1
>
> Note: the machine "lan" can access the internet (==> no problem with squid)
>
> *) First problem
> 1) On the gateway, if I write:
> iptables -A OUTPUT -s 192.168.2.0/24 -p tcp -m state --state NEW,ESTABLISHED -j DROP
> ==> the machine "lan" can't access the internet, and that's logical
> 2) But when I write this:
> iptables -A OUTPUT -s 192.168.2.2 -p tcp -m state --state NEW,ESTABLISHED -j DROP
> ==> the machine "lan" can access the internet
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! why??
>
> *) Second problem
> If I write this (on the gateway):
> iptables -A OUTPUT -s 192.168.2.0/24 -p tcp -m state --state NEW,ESTABLISHED -j DROP
> ==> the machine "lan" can't access the internet
> and when I add --dport 80 like this:
> iptables -A OUTPUT -s 192.168.2.0/24 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j DROP
> ==> the machine "lan" can access the internet
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> why ???
> Thanks
--
You know a city is going to become great when you see the elders planting
trees, even though they know they will never enjoy their
shade.
Greek proverb