I have successfully limited FTP traffic to my firewall to only one IP address
using the script below (see # Incoming FTP). I would like to know what it will
take to do the same thing, but have it reach a machine on the inside LAN instead
of the firewall itself.
Thanks in advance.
Mark
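#!/bin/sh
# ipchains firewall / masquerading setup with a transparent squid proxy.
# Must run as root; requires ipchains and ipmasqadm.
# NOTE: the x.x.x.x values below are placeholders for the firewall's
# external address and for the single remote FTP client that is let in.
IPCHAINS=/sbin/ipchains
IPMASQ=/usr/sbin/ipmasqadm

# Internal networks that are masqueraded and allowed to use the
# transparent proxy.  One list, so the MASQ and REDIRECT rules cannot
# drift apart when a network is added or removed.
LAN_NETS="192.168.0.0/24 192.168.10.0/24 192.168.20.0/24 192.168.30.0/24"

# Flush the rules (start over).  Port forwards are flushed too and none
# are re-added below, so no traffic is forwarded to inside hosts.
$IPCHAINS -F
$IPMASQ portfw -f

# Default-deny: anything not explicitly accepted below is dropped/rejected.
$IPCHAINS -P input DENY
$IPCHAINS -P output REJECT
$IPCHAINS -P forward REJECT

# Set the masquerading TCP timeout to 10 hours
# (-S takes tcp tcpfin udp in seconds; 0 leaves that value unchanged).
$IPCHAINS -M -S 36000 0 0

# Masquerade the 192.168.X.0/24 networks
for net in $LAN_NETS; do
  $IPCHAINS -A forward -j MASQ -s "$net" -d 0.0.0.0/0
done

# Specific Firewall rules here
# Incoming FTP: control connection (port 21) from one remote address only.
# The output rule (! -y) lets replies leave from port 21 but never a new
# connection.  Only port 21 is opened here; FTP data ports are not.
$IPCHAINS -A input -i eth0 -p tcp -s x.x.x.x/32 -d x.x.x.x 21 -j ACCEPT
$IPCHAINS -A output -i eth0 -p tcp ! -y -s x.x.x.x 21 -d 0.0.0.0/0 -j ACCEPT

# *************** Transparent Proxy ******************
# Redirect all http port 80 requests to local squid proxy server
# note that /etc/squid.conf needs tweaking from stock -
# see http://www.unxsoft.com/transproxy.html
#
# httpd_accel_host virtual
# httpd_accel_port 80
# httpd_accel_with_proxy on
# httpd_accel_uses_host_header on
#
# Port 80 on the firewall's own addresses is served locally, not proxied.
$IPCHAINS -A input -p TCP -d 127.0.0.1/32 80 -j ACCEPT
$IPCHAINS -A input -p TCP -d 192.168.10.1/32 80 -j ACCEPT
# Everything else on port 80 goes to squid -- but only when it comes from
# the internal networks.  An unrestricted "-d 0/0 80 -j REDIRECT" matches
# any source on any interface, so port-80 connections arriving on eth0
# from outside would be handed to squid as well; with the source match
# they now fall through to the input DENY policy instead.
for net in $LAN_NETS; do
  $IPCHAINS -A input -p TCP -s "$net" -d 0/0 80 -j REDIRECT 3128
done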