Mayank wrote:
I just have a small query as I am confused with the directions of packets. When setting a rule for the INPUT table, there is a source and destination setting. From the examples given in the above tutorial, when an incoming packet is received, the source is a local IP and destination is the world. Shouldn't the incoming packet's source be the world and destination the local LAN IP address?
Hi, as per my knowledge the INPUT table is meant for allowing/disallowing packets for the local host running the iptables service. For example, suppose your machine (I'll call it HostA) hosting the iptables service is also running a DHCP service; then you may wish to allow machines on the local network to connect to port 67 on HostA. Thus you'll need to add a rule like:
-A INPUT -p udp --dport 67 -j ACCEPT
If some host on your private network wants to connect to a remote host on a specific port, then you'll be using the FORWARD table to allow access as follows:
-A FORWARD -p tcp -s 192.168.0.2 -d 91.129.121.80 --dport 8090 -j ACCEPT
Hi.
I will have 2 interfaces, one to the internet and one to the LAN. So how will iptables forward the request? Do I need to specify the interface too? The interface (call it LAN) pointing to the LAN will be 192.168.1.1, as all PCs are currently connected to MTNL ADSL directly. The interface that will now connect to MTNL (call it NET) will be made 192.168.0.2, and MTNL's LAN IP will be changed to 192.168.0.1. Since all PCs are using static IPs, changing everyone's settings is a longer procedure.
Also, after you've mentioned all FORWARD rules, you'd also like to mention the following rules:
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
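Putting the thread together as an added example (not code from any poster): a complete two-interface ruleset for the layout described above, with default-DROP INPUT and FORWARD chains, the INPUT rule for DHCP restricted to the LAN side, the FORWARD rule pinned to the LAN-to-NET direction with -i/-o so a packet arriving on the internet side carrying a spoofed 192.168.1.x source is not routed, and the stateful return-traffic rules. The interface names eth0/eth1 are assumptions, and the MASQUERADE rule assumes the MTNL modem has no route back to 192.168.1.0/24.

```shell
#!/bin/sh
# Added example: stateful LAN/Internet router ruleset for the two-interface
# layout from the thread. Interface names are assumptions (constructed);
# 192.168.1.0/24, 192.168.0.2 and 91.129.121.80:8090 come from the thread.
LAN_IF="${LAN_IF:-eth1}"   # 192.168.1.1, faces the LAN
NET_IF="${NET_IF:-eth0}"   # 192.168.0.2, faces the MTNL modem (192.168.0.1)
LAN_NET="192.168.1.0/24"

# Emit the ruleset in iptables-restore format so it can be reviewed as text
# and then loaded atomically (no window with a half-applied policy).
build_firewall_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# INPUT: packets addressed to this host. -s is the remote sender, -d is this host.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
# FORWARD: packets routed through this host. -i/-o fix the direction so a
# packet arriving on $NET_IF with a forged LAN source address is not forwarded.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $NET_IF -s $LAN_NET -d 91.129.121.80 -p tcp --dport 8090 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Assumption: the modem has no route back to $LAN_NET, so source NAT is required.
-A POSTROUTING -o $NET_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Enable routing and load the ruleset; needs root, so it only runs on request.
apply_firewall_rules() {
    sysctl -w net.ipv4.ip_forward=1
    build_firewall_rules | iptables-restore
}

if [ "${1:-}" = "apply" ]; then apply_firewall_rules; else build_firewall_rules; fi
```

Run without arguments to print the ruleset for review; run with `apply` as root to load it. `-m conntrack --ctstate` is the current spelling of the `-m state --state` match used in the thread.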