LinuxQuestions.org


rookieter 08-23-2003 08:35 AM

about internet connection sharing
 
Can I share my internet connection only for a specific IP address?

I have 4 comp + the server in home and I want to share only IP addresses 192.168.0.2 and 4. Is it possible to block the IP 192.168.0.3 and 5?

Is there any monitoring software I can use to monitor who is connected to my ICS, and what they are doing? Or can I disconnect them?

thanks a lot in advance!

Mathieu 08-30-2003 11:57 PM

You can always add those IPs in the /etc/hosts.deny file.

gundelgauk 08-31-2003 01:08 AM

Let's see...

I don't know how your iptables are configured to handle masquerading (internet connection sharing) at the moment but you could try something like this:

# Set default policy for FORWARD to DROP
iptables -P FORWARD DROP

# Masquerade traffic only from 192.168.0.2 and 192.168.0.4
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.2/32 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.4/32 -j MASQUERADE

# Drop traffic that isn't related to your established traffic
iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

That way you should be able to only let explicitly specified machines be able to access the internet.

This is assuming ppp0 is your external interface (inet). Note that the above is no complete iptables script, it won't work like this but you can use it as a starting point. If you need more information about what is happening up there, I suggest reading the manual pages for iptables. In any case I also suggest this page, it got me started pretty well :D.

Good luck!
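
A fuller version of the allowlist approach from the post above, as an added example that is not part of the original thread. It generates an iptables-restore ruleset and goes beyond the post by adding the FORWARD accept rules that the DROP policy needs; the LAN interface eth0 and the function names is_ipv4 and ics_rules are assumptions.

```sh
#!/bin/sh
# Added example. ppp0 is the external interface from the post; eth0 (LAN side)
# and the function names are assumptions.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ics_rules WAN_IF LAN_IF ADDR...: print an iptables-restore ruleset on stdout.
# Nothing is applied here; arguments are validated before any line is printed.
ics_rules() {
    [ $# -ge 3 ] || { echo "usage: ics_rules WAN_IF LAN_IF ADDR..." >&2; return 1; }
    for ifc in "$1" "$2"; do
        case $ifc in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifc" >&2; return 1 ;; esac
    done
    wan=$1 lan=$2
    shift 2
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done

    echo '*nat'
    echo ':POSTROUTING ACCEPT [0:0]'
    for host in "$@"; do   # masquerade only the listed hosts
        echo "-A POSTROUTING -o $wan -s $host/32 -j MASQUERADE"
    done
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'   # unlisted hosts (e.g. .3 and .5) end here
    # Replies to connections that an allowed host opened.
    echo "-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for host in "$@"; do   # outbound traffic from the listed hosts
        echo "-A FORWARD -i $lan -o $wan -s $host/32 -j ACCEPT"
    done
    echo "-A INPUT -i $wan -m state --state NEW,INVALID -j DROP"
    echo 'COMMIT'
}
```

Write the output of `ics_rules ppp0 eth0 192.168.0.2 192.168.0.4` to a file, review it, and load it as root with `iptables-restore`, which replaces the existing contents of the nat and filter tables. Forwarding also has to be enabled in the kernel (`net.ipv4.ip_forward=1`).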


All times are GMT -5.