Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: kupski-mis@lisega.com on March 05, 2004, 03:24:40 PM

Title: Modifying SME iptables rules?
Post by: kupski-mis@lisega.com on March 05, 2004, 03:24:40 PM: All,

I would like to change the masq functionality on SME 6.0 to only masquerade for certain hosts on my network (mainly proxy, mail, AV, and patch servers.) These hosts are all on the same subnet. Additionally, I would like to allow port 21 only for another subnet. I have multple IPSEC tunnels running that should be routed for all hosts on the network

What changes should be made to the masq rules to accomplish this? Normally, I am more than capable of working through something like this myself, but I find SME's ruleset to be very complex, and do not wish to break things by simply hacking away.
Title: Modifying SME iptables rules?
Post by: shanen on March 06, 2004, 06:30:45 AM: Quick and dirty way....
Edit etc/rc.d rc.local
eg:
/sbin/iptables -I FORWARD -i eth0 -p tcp --dport 1:21 -j DROP

Then
/etc/rc.d/rc.local

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy | Terms and Policies