Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: jimgb17 on May 01, 2016, 06:15:53 PM
-
Hi Forum,
I am trying to figure out a way to whitelist an IP address for my VoIP server. I want to allow only one external IP to port 80 on server 192.168.1.100.
Can I use iptables like:
iptables -A INPUT -p tcp -s xx.xx.xx.xx --dport PORT -j ACCEPTh
Is this possible?
I have tried using the web UI but can never seem to get it working; it works perfectly on my 7800n router.
-
That will add it to the end of INPUT; you probably want to add it near the top, so iptables -i 1 or similar to put it in the first entry and bump everything else down one.
You also have an extra letter on the end of ACCEPT, which will likely break it.
-
Just so I understand, you want to port forward port 80 to an internal server? If so you need to use PREROUTING and DNAT; INPUT is input to the router, which is not the same as through the router. Something like:
iptables -t nat -A PREROUTING -s x.x.x.x -p tcp --dport 80 -j DNAT --to-destination 192.168.1.100
Then the required FORWARD rules (FORWARD is through the firewall/router; INPUT/OUTPUT are to the router/firewall itself) if not maintaining state and/or denying all forward (probably permits all, unless you have locked this down), and outbound SNAT rules (which will likely already be there, as you have internet access!). Example FORWARD rule that might or might not be required:
iptables -A FORWARD -p tcp -d 192.168.1.100 --dport 80 -j ACCEPT
The same points about inserting (-I) rather than appending (-A) apply as mentioned above, to make sure the rule placement is above any drop rules. You could of course also specify input and output interfaces on the PREROUTING rule.
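The rule set described in this reply, written up as an added example script (not from any poster in the thread). It assumes a WAN interface named eth0, the placeholder source address 203.0.113.10 in place of the real external IP, and the conntrack match module; it only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: allow exactly one external IP to reach TCP/80 on an internal
# host through the router (DNAT + FORWARD), dry-run by default.
ALLOWED_SRC="${ALLOWED_SRC:-203.0.113.10}"   # assumed placeholder; replace with the real external IP
WAN_IF="${WAN_IF:-eth0}"                      # assumed WAN interface name
SERVER="${SERVER:-192.168.1.100}"
PORT="${PORT:-80}"

# Print each command, or execute it when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then
    "$@"
  else
    printf '%s\n' "$*"
  fi
}

whitelist_rules() {
  # Insert (-I) at the top so the rules sit above any existing DROP rules.
  # Only the whitelisted source is translated to the internal server;
  # everyone else still hits the router's own INPUT chain and gets no DNAT.
  run iptables -t nat -I PREROUTING 1 -i "$WAN_IF" -s "$ALLOWED_SRC" -p tcp --dport "$PORT" -j DNAT --to-destination "$SERVER:$PORT"
  # Let the whitelisted client's connection through the router...
  run iptables -I FORWARD 1 -i "$WAN_IF" -s "$ALLOWED_SRC" -d "$SERVER" -p tcp --dport "$PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
  # ...and the server's replies back out, but only for established flows.
  run iptables -I FORWARD 2 -o "$WAN_IF" -s "$SERVER" -p tcp --sport "$PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT
  # Belt and braces: drop any other WAN traffic forwarded to the server's port,
  # placed after the two ACCEPT rules so it never catches the whitelisted client.
  run iptables -I FORWARD 3 -i "$WAN_IF" -d "$SERVER" -p tcp --dport "$PORT" -j DROP
}

whitelist_rules
```

Check the result with `iptables -t nat -L PREROUTING -n --line-numbers` and `iptables -L FORWARD -n --line-numbers` to confirm the rules landed above any existing DROP entries.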