
iptables -FORWARD inquiry

Hey folks,

I'm trying to figure out a ruleset I wrote a while ago that I'm currently improvising. I can't figure out for the life of me why I used something like this:

# allow packets leaving local loopback out
-A FORWARD -i lo -o eth1 -j ACCEPT

Does anyone have any clue why I would do something like this?

Thanks,

- sf
Asked by: stevefNYC

Blaz commented:
This rule really looks odd. I believe there will never be a packet matching this rule unless you are doing something strange on your machine.

I believe packets would match this rule only if you were doing something like:
iptables -t nat -A PREROUTING -i lo -p tcp --dport 2023 -j DNAT --to-destination 192.168.0.12:23

and then trying:
telnet 127.0.0.1 2023

noci (Software Engineer) commented:
iptables -nv -L FORWARD
should give you some more details if this rule is used anyway.
It is an odd rule....

If the rule is used you might want to insert a
-A FORWARD -i lo -o eth1 -j LOG ....
before it so that you can see in the syslog what rules match this one.

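The counter check suggested in the answer above can be scripted to list every FORWARD rule that has never matched a packet. This is an added example, not code from the thread; the function names and the sample listing are constructed, and it assumes the listing was taken with `--line-numbers`.

```shell
#!/bin/sh
# Added example: find FORWARD rules that have never matched a packet.
# Function names and the sample listing are constructed for illustration.

# Constructed sample of `iptables -nvL FORWARD --line-numbers` output.
sample_forward() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  lo     eth1    0.0.0.0/0            0.0.0.0/0
2     1523  912K ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3       12   720 ACCEPT     all  --  eth1   eth0    192.168.0.0/24       0.0.0.0/0
EOF
}

# Reads a listing on stdin; prints "num in out target" for each rule whose
# packet counter is exactly 0. Skips the chain header, column header and blanks.
# Assumes every rule has a target (a rule without -j shifts the columns).
zero_hit_rules() {
  awk '$1 ~ /^[0-9]+$/ && $2 == "0" { print $1, $7, $8, $4 }'
}

# Prints the packet counter of the first rule matching an in/out interface pair.
rule_hits() {
  awk -v i="$1" -v o="$2" \
    '$1 ~ /^[0-9]+$/ && $7 == i && $8 == o { print $2; exit }'
}

# On a live system (as root):
#   iptables -nvL FORWARD --line-numbers | zero_hit_rules
# Counters restart from 0 after a reboot or `iptables -Z`, so a zero only
# means "no match since the last reset".
```

A rule that still shows zero packets after a representative period of traffic is a candidate for removal; check the counter again before deleting it.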