[Gllug] iptables and flaky ssh, ftp, vnc

Tom Schutzer-Weissmann trmsw at yahoo.co.uk
Tue Jun 21 20:54:02 UTC 2005

On Tue, 2005-06-21 at 16:37 +0100, Peter Grandi wrote:

> There is probably wrong with the 'iptables' rules too, they are
> very very difficut to get right (and, as usual, very easy to get
> wrong but ''working''). I usually recommend using a rule set
> generator... But even that does not avoid the need for clear
> thinking.

I'll stick my neck out. This is a semi-theoretical question. Given that
I wanted as transparent a link as possible, isn't this the minimal
ruleset I could have?

Tom Weissmann

dynip=`/sbin/ifconfig | grep -A 4 $dev | awk '/inet/ { print $2 } ' |
sed -e s/addr://`

iptables -I OUTPUT 1 -s $world -d $dest -j ACCEPT -o $dev
iptables -I INPUT 1 -s $dest -d $world -j ACCEPT -i $dev
iptables -I FORWARD 1 -s $world -d $dest -j ACCEPT -o $dev
iptables -I FORWARD 1 -s $dest -d $world -j ACCEPT -i $dev
iptables -t nat -A POSTROUTING -o $dev -j SNAT --to $dynip

echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/ip_forward

How much free photo storage do you get? Store your holiday 
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list