Blocking ICMP outgoing requests only in eth1

Posted by Raj on Server Fault See other posts from Server Fault or by Raj
Published on 2012-10-28T22:12:08Z Indexed on 2012/10/28 23:05 UTC
Read the original article Hit count: 300

Filed under:

networking

|

iptables

|

routing

|

nat

I am creating a NAT with iptables:

Computer A: eth0 (dhcp) + eth1 (static ip 192.168.0.1 - gateway) Computer B: eth1 (static ip 192.168.0.2, using Computer A as gateway)

I know how to block ICMP outgoing requests (-A OUTPUT -p icmp --icmp-type echo-request -j DROP), but that would block ICMP requests from Computer A, but not from Computer B (in fact, only for Computer A - Computer B can keep doing those).

I tried with the same command, but adding -o eth1, but that does not block at all. Any idea?

© Server Fault or respective owner

Related posts about networking

Networking stopped working on Ubuntu

as seen on Super User - Search for 'Super User'
I installed Ubuntu 10.04 through the Wubi installer (Funny, I installed it today and thought I would have gotten 10.10). I had a network connection and everything was working fine. I rebooted my coumputer a couple of times and then suddenly, I could not connect to the network and when I click the… >>> More
Troubles with start up defenition of networking service in Ubuntu

as seen on Super User - Search for 'Super User'
I use Ubuntu 12.04.1. I put attention that networking script starting in runlevel 0: user@comp:/etc/rc0.d$ chkconfig -l networking networking 0:on 1:off 2:off 3:off 4:off 5:off 6:off When I try to move it working to appropriate run levels I get error: user@comp:/etc/rc0… >>> More
Installing the Elgg Social Networking CMS

as seen on Internet.com - Search for 'Internet.com'
One Open Source CMS that stands out above the rest for small businesses and personal networks is the Elgg open source "social engine," which can be used to create social applications. Scott Clark shows you how to install and get started with this social networking CMS. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More
OAuth: Token-Based Authorization for the Social Networking Age

as seen on Internet.com - Search for 'Internet.com'
The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites. >>> More

Related posts about iptables

Sometimes this script fails to update the iptables

as seen on Server Fault - Search for 'Server Fault'
It does not happen often, but sometimes after running the below script, checking the iptables with service iptables status shows that they weren't updated and the script doesn't output any error. The iptables is structured as look-up tree (long repeated sections snipped): #!/bin/sh iptables -t… >>> More
My current iptable configuration doesn't work [on hold]

as seen on Server Fault - Search for 'Server Fault'
sudo chkconfig iptables off /etc/init.d/iptables on ### Clear/flush iptables sudo iptables -F sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT ### Allow SSH iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables… >>> More
L2TP iptables port forward

as seen on Server Fault - Search for 'Server Fault'
Hi all, I'm setting up port forwarding for an L2TP VPN connection to the local Windows 2003 VPN server. The router is a simpel Debian machine with iptables. The VPN server works perfect. But I cannot log in from the WAN. I'm missing something. The VPN server is using a pre-shared key (L2TP) and… >>> More
iptables -P FORWARD DROP makes port forwarding slow

as seen on Server Fault - Search for 'Server Fault'
I have three computers, linked like this: box1 (ubuntu) box2 router & gateway (debian) box3 (opensuse) [10.0.1.1] ---- [10.0.1.18,10.0.2.18,10.0.3.18] ---- [10.0.3.15] | box4, www [10.0.2.1] Among other… >>> More
IPtables AWS EC2 NAT/Reverse NAT - For Reverse Proxy style setup but with IPtables

as seen on Server Fault - Search for 'Server Fault'
I was thinking initially needing to do a reverse proxy or something so I could get some SSL/TLS traffic look like it is being terminated at a server and IP address in the AWS cloud, and then that traffic is forwarded onto our actual web servers that aren't in the cloud... I've not done much iptables… >>> More