Drew Reed
2002-Apr-20 20:43 UTC
[Shorewall-users] Blocking rfc1918 addresses with one exception
Hi I''ve come accross a small problem with the rcf1918 address blocking on my internet interface. Im connected via a cable modem and it has an internel web server that allows me to configure/monitor it but as expected if I enable rfc1918 blocking for my eth0 interface(The internet one) it also blocks the cable modems web server. Is there any way it can add a rule before the rfc1918 blocking that will let all traffic to and from the 192.168.100.1 address of the modem in/out but still block all other rfc1918 addresses. Thanks Drew Reed
Tom Eastep
2002-Apr-20 21:01 UTC
[Shorewall-users] Blocking rfc1918 addresses with one exception
On Sat, 20 Apr 2002, Drew Reed wrote:> Hi > > I''ve come accross a small problem with the rcf1918 address blocking on > my internet interface. > > Im connected via a cable modem and it has an internel web server that > allows me to configure/monitor it but as expected if I enable rfc1918 > blocking for my eth0 interface(The internet one) it also blocks the > cable modems web server. Is there any way it can add a rule before the > rfc1918 blocking that will let all traffic to and from the 192.168.100.1 > address of the modem in/out but still block all other rfc1918 addresses. >Please check the list archives -- this question has been answered before. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Tom Eastep
2002-Apr-20 21:20 UTC
[Shorewall-users] Blocking rfc1918 addresses with one exception
On Sat, 20 Apr 2002, Drew Reed wrote:> Hi > > I''ve come accross a small problem with the rcf1918 address blocking on > my internet interface. > > Im connected via a cable modem and it has an internel web server that > allows me to configure/monitor it but as expected if I enable rfc1918 > blocking for my eth0 interface(The internet one) it also blocks the > cable modems web server. Is there any way it can add a rule before the > rfc1918 blocking that will let all traffic to and from the 192.168.100.1 > address of the modem in/out but still block all other rfc1918 addresses. > >Since this seems to be a popular question, I''ve added it as FAQ #14. http://www.shorewall.net/FAQ.htm#faq14 -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net