Reply To: limit WAN traffic from IP?

#51006
lip
Member

I’ve been reading up, trying to get a little familiar with IPTables.
Thank you for your rule, ppalias. I haven’t switched to it yet; I have a few questions:
1) What I had seems to be working,
Virtual Server: ppp0, ANY, TCP, 25,443, 192.168.1.5:25,443
FORWARD: ACCEPT tcp opt -- in ppp0 out ETH01 #.their.IP.# -> 192.168.1.5 tcp dpt:25
do you see any problems or advantages to switching to the rule you mention?
2) These rules seem to work for SMTP and HTTP, but not SIP (UDP 5000-5084) and RTP (UDP 10000-20000). Any ideas? Something similar to your PREROUTING rule?
3) If I enable the NAT and Virtual Servers script, it works in conjunction with, and doesn’t disable, the Virtual Servers page, correct?
4) In your rule, did you mean to use DNAT versus MASQUERADE?
5) Is /usr/local/sbin/ required before iptables?