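# Target names are case-sensitive: the built-in accept target must be written ACCEPT.
# These rules have no -s restriction, so TCP port 21 (FTP control) is opened to every source.
# -A appends to the end of INPUT, so an earlier DROP/REJECT rule would still match first.
[root@alanstudio]# iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# -D deletes the rule whose specification matches the one given.
[root@alanstudio]# iptables -D INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# -I inserts at the top of INPUT, so the rule is evaluated before all existing rules.
[root@alanstudio]# iptables -I INPUT -p tcp -m tcp --dport 21 -j ACCEPT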

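Append, delete or insert the rule manually, and remember to restart iptables. Rules entered this way exist only in the running kernel, so save them first (for example with `service iptables save` on Red Hat-style init scripts); otherwise the restart reloads the saved rule set and the manual change is lost.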

# "start | stop | restart" is shorthand for a choice: pass exactly one of the three words.
# Typed literally, the shell would treat each "|" as a pipe.
[root@alanstudio]# service iptables start | stop | restart
# Same actions, calling the init script directly instead of going through the service wrapper.
[root@alanstudio]# /etc/init.d/iptables start | stop | restart

Start, stop or restart the iptables service (choose one of the three actions).

# Ask the init script for the service state.
[root@alanstudio]# service iptables status
# Dump the rules straight from the kernel: --list prints every chain of the default
# (filter) table, --numeric prints addresses and ports as numbers without name lookups.
[root@alanstudio]# iptables --numeric --list

Check the firewall filter policy that iptables is currently using.

# The OUTPUT chain of the nat table sees only packets generated on this host;
# traffic forwarded for other machines is not rewritten by these rules.
# Rewrite every locally generated packet addressed to 192.168.2.2 so it goes to 10.0.0.2.
[root@~ ]# iptables --table nat --append OUTPUT --destination 192.168.2.2 --jump DNAT --to-destination 10.0.0.2
# Narrower alternative: rewrite only TCP port 80. If both rules are appended in this
# order, the first one already matches all traffic to 192.168.2.2, so this one never fires.
[root@~ ]# iptables --table nat --append OUTPUT --destination 192.168.2.2 --protocol tcp --match tcp --dport 80 --jump DNAT --to-destination 10.0.0.2:80

For outgoing traffic generated on this host, the first line redirects everything sent to 192.168.2.2 (all protocols and ports) to 10.0.0.2. The second line forwards only outgoing TCP port 80.

# List every chain of the nat table (PREROUTING, OUTPUT, POSTROUTING, ...) with
# numeric addresses and ports; this is where DNAT and MASQUERADE rules appear.
[root@~ ]# iptables --table nat --list --numeric

Check the current NAT table rules, including the POSTROUTING MASQUERADE policy.

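# POSTROUTING is not a chain of the default filter table, so the nat table must be
# selected with -t nat; without it iptables rejects the command.
# Masquerade (source-NAT to eth1's address) packets from 192.168.0.0/24 to
# 192.168.1.0/24 that leave through eth1. The /24 form equals the 255.255.255.0 mask.
[root@~ ]# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.1.0/24 -o eth1 -j MASQUERADE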

NAT postrouting (a chain of the nat table): traffic from source 192.168.0.0/24 to destination 192.168.1.0/24 that goes out through the device "eth1" is masqueraded.

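# POSTROUTING is not a chain of the default filter table, so -t nat is required.
# The negation is written before the option ("! -d"); the older "-d ! addr" form is
# deprecated in current iptables releases.
# Masquerade packets from 192.168.1.0/24 leaving through ppp0, except those whose
# destination is 192.168.0.0/24, which keep their original source address.
[root@~ ]# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.0.0/24 -o ppp0 -j MASQUERADE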

NAT postrouting: traffic from source 192.168.1.0/24 going out through the device "ppp0" is masqueraded, except traffic to destination 192.168.0.0/24, which is not.


