How to use iptables on varnish cache server to access only by one network and backend server

Question

Hi i want to allow only one network say 10.10.0.0 to access my varnish edge cache server at 192.168.1.10:80 port also block other 80 port request but the problem is cache server points to a origin server which listen on 80 port in in 192.168.2.0 network.

How could i enable only these two networks to request and fetch inside and output 80 port connections

See attached image:

Your question is unclear. Could you provide more detailed information? — Alexander Tolkachev, Jul 30 '17 at 19:55
Thanks for asking ,I have attached an image to show what i need in the question please find the image — Leo, Aug 01 '17 at 05:34

score 0 · Answer 1 · answered Aug 01 '17 at 12:11

Well, you should add to iptables rules on 192.168.1.10 this rules:

-A OUTPUT -d 192.168.2.0/24 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 10.10.0.0/24 -p tcp -m tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

How to use iptables on varnish cache server to access only by one network and backend server

1 Answers1