iptables: skip a rule for a specified source

iptables: skip a rule for a specified source

Post by Andrew Eva » Tue, 08 Oct 2002 13:44:40

I am redirecting everyone who tries to get out on port 80 to the localhost:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.1.0.1

Now I want to allow a few select users to bypass this rule. I tried:

iptables -t nat -A PREROUTING -s 10.1.0.2 -p tcp --dport 80 -j REDIRECT --to-ports 80

This rule does not work, for obvious reasons. Anyone have any ideas?
All I really want to accomplish is to bypass the :80=>10.1.0.1 rule
for a specified source.

Any help is appreciated...

thanks,
Andy


iptables: skip a rule for a specified source

Post by Whoeve » Tue, 08 Oct 2002 14:41:46

> I am redirecting everyone who tries to get out on port 80 to the localhost:
>
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.1.0.1
>
> Now I want to allow a few select users to bypass this rule. I tried:
>
> iptables -t nat -A PREROUTING -s 10.1.0.2 -p tcp --dport 80 -j REDIRECT --to-ports 80

How about:

iptables -t nat -A PREROUTING -i eth1 -p tcp ! -s 10.1.0.2 --dport 80 -j DNAT --to 10.1.0.1

Incidentally, why are you redirecting to port 80 on the firewall?
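The negated `! -s` match above handles one exempt host per rule. An added example, not from either poster, that scales the same idea to several exempt sources: it emits an iptables-restore fragment for the nat table in which port-80 traffic from the inside interface is sent to a user-defined chain, exempt hosts leave that chain with `-j RETURN` before the DNAT rule, and everything else is redirected. The chain name `WEB_REDIR`, the host list and the `build_bypass_rules` / `count_bypass_rules` helpers are assumptions for illustration; the interface and proxy address are the ones from the question. The same `RETURN` placement also shows why a `RETURN` rule only does useful work when it sits before a rule that would otherwise match, the point raised in the follow-up thread below.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore fragment
# that forces port-80 traffic arriving on eth1 to 10.1.0.1, except for a list
# of exempt sources. Exempt hosts are matched in a user-defined nat chain and
# handed back with -j RETURN before the DNAT rule is reached, so a single
# chain covers any number of exemptions. Chain name and host list are
# hypothetical; interface and proxy address come from the original question.

IN_IF="eth1"          # interface the clients arrive on
PROXY="10.1.0.1"      # address port 80 is forced to
CHAIN="WEB_REDIR"     # hypothetical user-defined chain in the nat table

# Print one iptables-restore block for the nat table. $1 is a space-separated
# list of source addresses or CIDR prefixes that must bypass the redirect.
build_bypass_rules() {
    exempt="$1"
    printf '%s\n' "*nat"
    printf '%s\n' ":$CHAIN - [0:0]"
    for src in $exempt; do
        # exempt hosts leave the chain before the DNAT rule below can match
        printf '%s\n' "-A $CHAIN -s $src -j RETURN"
    done
    # anything still in the chain is redirected
    printf '%s\n' "-A $CHAIN -j DNAT --to-destination $PROXY"
    # only TCP port 80 from the inside interface enters the chain
    printf '%s\n' "-A PREROUTING -i $IN_IF -p tcp --dport 80 -j $CHAIN"
    printf '%s\n' "COMMIT"
}

# Count the RETURN (bypass) rules in a generated fragment passed as $1.
count_bypass_rules() {
    printf '%s\n' "$1" | grep -c -e '-j RETURN'
}

# Usage: review the output, then feed it to iptables-restore
# (use `iptables-restore -n` to leave the other tables untouched).
build_bypass_rules "10.1.0.2 10.1.0.3"
```

Order matters inside the chain: the `RETURN` rules must come before the `DNAT` rule, otherwise the exempt hosts are redirected like everyone else. Listing the chain afterwards with `iptables -t nat -L WEB_REDIR -n --line-numbers` makes that order visible.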


iptables: rule with RETURN target just after a rule with ACCEPT target

Hi, I've seen in several scripts the following layout:

iptables criteria -j ACCEPT
iptables the_same_criteria_as_above -j RETURN

for example:

iptables  -A INPUT -p tcp -m tcp --dport 100 -j ACCEPT
iptables  -A INPUT -p tcp -m tcp --dport 100 -j RETURN

The last rule will never be matched, because all TCP incoming
connections will be accepted and will then go through the next chain.
So, what is the usefulness of this configuration?

IMHO, I think it is for changing the scripts in a fast way (just
commenting out the first line will result in the default policy for the
INPUT chain).

TIA
