About internet connection sharing
Can I share my internet connection only for a specific IP address?
I have 4 computers + the server at home and I want to share only IP addresses 192.168.0.2 and 4. Is it possible to block the IPs 192.168.0.3 and 5? Is there any monitoring software I can use to monitor who is connected to my ICS, and what they are doing? Or can I disconnect them? Thanks a lot in advance!
You can always add those IPs in the /etc/hosts.deny file.
Let's see...
I don't know how your iptables are configured to handle masquerading (internet connection sharing) at the moment but you could try something like this:

    # Set default policy for FORWARD to DROP
    iptables -P FORWARD DROP

    # Masquerade traffic only from 192.168.0.2 and 192.168.0.4
    iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.2/32 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.4/32 -j MASQUERADE

    # Drop traffic that isn't related to your established traffic
    iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
    iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

That way you should be able to only let explicitly specified machines be able to access the internet. This is assuming ppp0 is your external interface (inet).

Note that the above is no complete iptables script, it won't work like this but you can use it as a starting point. If you need more information about what is happening up there, I suggest reading the manual pages for iptables. In any case I also suggest this page, it got me started pretty well :D.

Good luck!
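An added example, not part of the reply above: with the FORWARD policy set to DROP, the allowed hosts also need explicit FORWARD ACCEPT rules and a rule for their return traffic, and a LOG rule gives a record of blocked hosts that keep trying. The function prints the rules for review instead of applying them; ppp0 and the addresses come from the thread, while the LAN interface name eth0, the function name gen_ics_rules and the log prefix are assumptions.

```shell
#!/bin/sh
# Print an allowlist-only connection-sharing ruleset (nothing is applied here).
# Usage: gen_ics_rules WAN_IF LAN_IF ALLOWED_IP...
# Review the output, then apply it as root by piping it to sh.
gen_ics_rules() {
    wan=$1; lan=$2; shift 2

    # Forwarding must be on, but everything is dropped unless allowed below.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    # Start from empty chains so re-running does not stack duplicate rules.
    echo "iptables -F FORWARD"
    echo "iptables -t nat -F POSTROUTING"

    # Replies to connections that an allowed host opened may come back in.
    echo "iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"

    for ip in "$@"; do
        # Accept only digits and dots so nothing else can reach the rule text.
        case $ip in
            ''|*[!0-9.]*) echo "skipping invalid address: $ip" >&2; continue ;;
        esac
        echo "iptables -A FORWARD -i $lan -o $wan -s $ip/32 -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -o $wan -s $ip/32 -j MASQUERADE"
    done

    # Anything else from the LAN is logged (rate limited), then hits the DROP policy.
    echo "iptables -A FORWARD -i $lan -o $wan -m limit --limit 6/minute -j LOG --log-prefix 'ICS-DENY: '"
}

# Run directly with arguments, e.g.: sh ics.sh ppp0 eth0 192.168.0.2 192.168.0.4
if [ "$#" -gt 0 ]; then
    gen_ics_rules "$@"
fi
```

Blocked attempts from 192.168.0.3 and 192.168.0.5 then show up in the kernel log with the ICS-DENY prefix, and `iptables -L FORWARD -v -n` shows per-rule packet counters for the allowed hosts.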