Short and improved version of this.
By halfgaar, 3 years ago, on February 04, 2014, at 11:02
If you need services to be available on multiple ports, you can use: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1000 -j REDIRECT --to-port 25 --match comment --comment "Explain."
By halfgaar, 6 years ago, on December 23, 2010, at 16:12
When you forward a port to an internal machine on the network, you still can't access that host using your WAN IP from within the LAN. This article explains it well. In short, it's because the reply from the machine you're connecting to goes to the LAN IP directly, and not back through the router.
By halfgaar, 7 years ago, on July 23, 2010, at 13:07
For some reason, Debian can't do "/etc/init.d/iptables save". So, we have to fix something ourselves. I used this article as a source, which also has some useful comments. Apparently, the iptables initscript used to exist...
By halfgaar, 7 years ago, on February 03, 2010, at 14:02
Here are some convenient iptables rules. This first list allows nothing in except packets that come back from outgoing connections, complicated related traffic like FTP, everything from the localhost, ICMP (ping and stuff) and SSH. It also sets the default policy to DROP. This is what you would use on a machine connected directly to the internet.
By halfgaar, 7 years ago, on January 04, 2010, at 12:01
When migrating to Zimbra, I don't want people to fiddle with their mail when I'm doing it, so I disable IMAP access from anything but the virtual machine instance in which Zimbra is running. I do that with this:
By halfgaar, 7 years ago, on December 21, 2009, at 15:12