I NAT all TCP to a SOCKS proxy doing something like:
sudo iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner USER -m tcp -j REDIRECT --to-ports XXX
Therefore all packets go there; it works.
I know that the local SOCKS proxy connects to one IP, and I want to allow my computer to access only that IP. The way I try to do it is:
sudo iptables -P OUTPUT DROP
then I add exceptions:
sudo iptables -A OUTPUT -o lo -d 127.0.0.1 -j ACCEPT (loopback)
sudo iptables -A OUTPUT -d xxx.yyy.xxx.zzz -j ACCEPT
I have used Wireshark to see if my computer connects to another IP, but it only connects to that IP. Somehow, when I tell iptables to DROP everything except that one, with ALL protocols and ALL ports allowed, it is not working. I really can't understand it.
From serverfault
joe
- Use "-v, --verbose" to see the iptables counters. This is a good tool for debugging.
- Use the LOG target to debug iptables rules.
From bindbn
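The two debugging aids from the answer, as an added example that is not part of the original thread: a small Python script that parses the output of `iptables -nvxL OUTPUT` to list rules whose packet counters never move, and tallies the flows recorded by a LOG rule. The counter dump, the kernel log lines, the "IPT-DROP: " prefix and the addresses are all constructed for this example.

```python
"""Summarise iptables -v counters and LOG-target output (the answer's two
debugging aids). All sample data below is constructed, not captured."""
import re
from collections import Counter

# Constructed: what `iptables -nvxL OUTPUT` could print for the ruleset in the question
SAMPLE_COUNTERS = """\
Chain OUTPUT (policy DROP 57 packets, 3420 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12       720 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.1
       0         0 ACCEPT     all  --  *      *       0.0.0.0/0            203.0.113.10
"""

# Constructed: kernel log lines from a rule such as
#   iptables -A OUTPUT -j LOG --log-prefix "IPT-DROP: "
# appended as the last rule, so it sees exactly what the DROP policy will catch
SAMPLE_LOG = """\
[ 100.1] IPT-DROP: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 PROTO=TCP SPT=51000 DPT=1080
[ 100.2] IPT-DROP: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 PROTO=TCP SPT=51001 DPT=1080
[ 100.3] IPT-DROP: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.1 PROTO=UDP SPT=40000 DPT=53
"""

POLICY_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets")


def parse_counters(text):
    """Return (policy, policy_packets, [(target, out_iface, destination, pkts), ...])."""
    lines = text.splitlines()
    m = POLICY_RE.match(lines[0])
    policy, policy_pkts = m.group(2), int(m.group(3))
    rules = []
    for line in lines[2:]:  # skip the chain header and the column header
        f = line.split()
        if len(f) < 9:
            continue
        rules.append((f[2], f[6], f[8], int(f[0])))  # target, out, destination, pkts
    return policy, policy_pkts, rules


def never_matched(text):
    """Rules whose packet counter is still zero: traffic is not reaching them."""
    return [(t, o, d) for t, o, d, p in parse_counters(text)[2] if p == 0]


def dropped_flows(log_text, prefix="IPT-DROP: "):
    """Count (out_iface, dst, proto, dport) tuples seen in LOG lines carrying the prefix."""
    flows = Counter()
    for line in log_text.splitlines():
        if prefix not in line:
            continue
        kv = dict(tok.split("=", 1) for tok in line.split(prefix, 1)[1].split() if "=" in tok)
        flows[(kv.get("OUT"), kv.get("DST"), kv.get("PROTO"), kv.get("DPT"))] += 1
    return flows
```

A growing policy counter together with a rule stuck at zero tells you which ACCEPT rule the traffic is bypassing; the LOG tally then shows the exact interface, destination and port being dropped.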