CaZaTech » IPTables

Redirecting a port to a local machine inside our network

cazatech — Thu, 22 Nov 2007 22:12:10 +0000

If we want to redirect a port (Like the http port) to one of our network machine we should use this IPTables rule:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.0.x

iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.x --dport 80 -j SNAT --to-source 192.168.0.y

IPTables: Deny Messenger access

cazatech — Tue, 03 Jul 2007 21:47:37 +0000

We can use the next rule to deny MSN Messenger access in our LAN. You must have Kernel 2.6.14 with the IPTables STRING module:

iptables -I FORWARD -p tcp -m string --string "VER " --from 51 --to 56 --algo bm -j REJECT

The STRING module search into the packet a text string. The “from” “to” parameters means the TCP header end and end of data.

Source: VivaLinux!

IPTables: Filtering by MAC Address

cazatech — Fri, 29 Jun 2007 15:52:05 +0000

If we want filter a MAC in our firewall, we can use IPTables to this. For example, if we want to filter a MAC like 00:12:8D:EE:6E:AB (Must type the MAC with this format -> HH:HH:HH:HH:HH:HH) and deny their access to our Firewall we can put type this:

iptables -A INPUT -m -mac --mac-source 00:12:8D:EE:6E:AB -j DROP

Also, we can use the ! operator, wich inverts the operation, for example, if we type:

iptables -A INPUT -m -mac --mac-source ! 00:12:8D:EE:6E:AB -j DROP

All the packets will be dropped, except the packets from 00:12:8D:EE:6E:AB MAC.