Differences between version 12 and predecessor to the previous major change of FirewallNotes.
Newer page: | version 12 | Last edited on Sunday, January 5, 2003 12:13:55 pm | by CraigBox |
Older page: | version 11 | Last edited on Friday, September 20, 2002 6:44:42 pm | by CraigBox |
@@ -29,6 +29,13 @@
* But don't start with that rule if you're working remotely
* DENY might sound nice, but it means people can spoof packets from your computer, and your computer won't abort the connection. a rate limited (using -m limit) REJECT is much much safer.
* You probably want to rate limit log messages too otherwise a good portscan can flood syslogd(8) for ages.
+!Pinholing
+
+If you have a firewall running iptables, chances are you'll want to forward a port at some point (to run a P2P app, a game server etc). Experiment with this command line:
+
+ iptables -t nat -A PREROUTING -i ppp0 -j DNAT -p tcp --to=10.69.1.200 --dport 4661
+
+(Substitute ppp0/tcp/10.69.etc/4661 with whatever you need)
You might want to read [HowToIPCHAINSHOWTO], [HowToBridgeFirewall], [HowToBridgeFirewallDSL], [HowToFirewallHOWTO], [HowToFirewallPiercing], [HowToSentryFirewallCDHOWTO] or [HowToTermFirewall]. (They're all really, REALLY old.)
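Review bot: The DNAT line added under Pinholing only rewrites the destination address in the nat table's PREROUTING chain, and the new text does not mention that the rewritten packets must still be accepted by the filter table's FORWARD chain. On a firewall with a restrictive FORWARD policy the forwarded connection will still be dropped. Suggest adding a matching rule such as `iptables -A FORWARD -i ppp0 -p tcp -d 10.69.1.200 --dport 4661 -j ACCEPT`, and a sentence noting that the pinhole exposes the internal host on that port to every source address unless it is narrowed with `-s`. Writing `--to` as the full option name `--to-destination` would also make the example easier to look up in iptables(8).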