First let me explain my situation:
I have a Suse 10.3 router with 4 network cards. 1 is to connect to the big network and thereby also the internet, 2 are for ‘client’ subnets and I want to use the last one as a DMZ. In this DMZ will be a web server which has to be accessible from the other 2 subnets and from the big network. I could do it with a few simple clicks in Yast firewall, but I have some issues with this firewall and therefore I want to use it as minimally as possible, using Iptables.
So now I’m struggling a bit with Iptables. Basically what I’m looking for is how to block all ports but 80 in this last subnet with iptables.
Thanks for your reply. I now have added the first rule with the following command: iptables -A FORWARD -o eth3 -j DROP.
So now all I have to do is to let it accept port 80 but I’m not sure how to tell Iptables this. Something like iptables -o -p tcp -d port 80 but I’m not able to get it to work. Can you help me out here?
iptables -I FORWARD -o eth3 -m tcp -p tcp --dport 80 -j ACCEPT and it should be ahead of the DROP rule in the chain.
PS: This is off the top of my head, it’s up to you to look up the correct form in an iptables tute, or look at the existing rules with iptables -L -n and imitate.
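Putting the two rules from this thread together into a small script, as an added example that is not from the thread or from SUSE: it emits the FORWARD rules in the order they must be applied (ACCEPT ahead of the catch-all DROP) and includes a check that the live chain really has that order. It goes slightly beyond the reply by also allowing established/related return traffic and by dropping new connections initiated from the DMZ. Interface name eth3 comes from the thread; 192.0.2.10 is a placeholder web server address.

```shell
#!/bin/sh
# Constructed example: FORWARD-chain rules for a web server in a DMZ behind
# a multi-homed Linux router. Assumptions: the DMZ sits on eth3 (as in the
# thread); 192.0.2.10 is a placeholder address for the web server.
DMZ_IF="${DMZ_IF:-eth3}"
WEB_IP="${WEB_IP:-192.0.2.10}"

# Print the rules in the order they must be applied. With -A every rule is
# appended, so the ACCEPT rules are emitted before the catch-all DROP;
# iptables stops at the first match, so a DROP above them would shadow them.
dmz_forward_rules() {
    cat <<EOF
iptables -A FORWARD -o $DMZ_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $DMZ_IF -p tcp -d $WEB_IP --dport 80 -m state --state NEW -j ACCEPT
iptables -A FORWARD -o $DMZ_IF -j DROP
iptables -A FORWARD -i $DMZ_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -j DROP
EOF
}

# Sanity check on a rule listing read from stdin (one rule per line, as
# printed by `iptables -S FORWARD`, or the output of dmz_forward_rules):
# succeed only if the port-80 ACCEPT for the DMZ interface comes before the
# catch-all DROP for that interface.
forward_order_ok() {
    awk -v dmz="$DMZ_IF" '
        $0 ~ ("-o " dmz) && /--dport 80( |$)/ && /-j ACCEPT/ && !acc { acc = NR }
        $0 ~ ("-o " dmz) && /-j DROP/ && !drop { drop = NR }
        END { if (acc && drop && acc < drop) exit 0; exit 1 }'
}

# Apply the rule set (needs root), then verify the live chain.
apply_and_verify() {
    dmz_forward_rules | sh -e &&
    iptables -S FORWARD | forward_order_ok
}
```

If the catch-all DROP from the earlier post is already in the chain, flush it first (iptables -F FORWARD) or insert the ACCEPTs with -I as the reply says; otherwise the new ACCEPTs land below the DROP and the check fails.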