LinuxQuestions.org
Old 06-13-2011, 05:07 AM   #1
muradcsc
LQ Newbie
 
Registered: Dec 2007
Posts: 13

Rep: Reputation: 0
Allow only a sub domain in firewall


Hi
I have got a CentOS 5.5 box with 2 interfaces (WAN & LAN) and am trying to configure the firewall so that LAN users can browse XXX.subdomain.com
(where XXX can be anything). Nothing else.

I googled the whole day but no luck.

Any help will be appreciated.

Thanks

Murad
 
Old 06-13-2011, 05:10 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965
This is not a firewall's job. It will deal with IP addressing, and NOT domain names. Not surprising you didn't find anything.

Whilst it is occasionally possible to have firewalling systems that can utilize some elements of DNS, it is not viable to rely on DNS lookups to permit firewall connections, as the overhead and latency are vast and the reliability is poor.

Last edited by acid_kewpie; 06-13-2011 at 05:11 AM.
 
Old 06-13-2011, 05:31 AM   #3
muradcsc
LQ Newbie
 
Registered: Dec 2007
Posts: 13

Original Poster
Rep: Reputation: 0
Hi Chris,
Thanks for your quick reply.
Could you please help with how I can do that? Is there any possible way?

regards

Murad
 
Old 06-13-2011, 05:33 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965
What do you mean by "browse a domain"? If this is web traffic, then that's what an HTTP proxy is for. Anything else, you need to write more informative and detailed posts about your situation.
 
Old 06-13-2011, 05:53 AM   #5
muradcsc
LQ Newbie
 
Registered: Dec 2007
Posts: 13

Original Poster
Rep: Reputation: 0
OK, let me explain. As I said before, my Linux server contains 2 interface cards: eth0 for WAN and eth1 for LAN (10.10.0.0/24); a DHCP server is enabled on the eth1 interface. Now the situation is that I want to configure the Linux server in such a way that any node inside the LAN (for example 10.10.10.254) can only access XXX.subdomain.com. If it wants to access, say for example, www.google.com, it will be rejected.

Hope the situation is now clear.

thanks again

Murad
 
Old 06-13-2011, 06:03 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965
Well, that's not really any more use, but I'll assume you do mean HTTP traffic. So use a proxy, like Squid.
 
Old 06-13-2011, 04:53 PM   #7
instag
LQ Newbie
 
Registered: Sep 2010
Distribution: Slackware
Posts: 15

Rep: Reputation: 0
A proxy is the best way for sure.
If you don't care about using the server for other outgoing traffic and "XXX.subdomain.com" has a fixed IP address range (for example "188.40.138.0/24"), you could restrict the traffic with an OUTPUT rule:
Code:
iptables -A OUTPUT -o eth0 ! -d 188.40.138.0/24 -j REJECT

Last edited by instag; 06-13-2011 at 04:55 PM.
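
The Squid approach recommended in this thread, as an added squid.conf sketch (not posted by any participant and not taken from the Squid project's own files). The LAN range and the domain come from the thread; the proxy address 10.10.0.1, port 3128 and the ACL names are assumptions.

```conf
# Added example: explicit forward proxy that only serves *.subdomain.com.
# Assumption: eth1 (LAN side) has address 10.10.0.1; adjust to the real one.
http_port 10.10.0.1:3128

# Who may use the proxy: the LAN range given in the thread.
acl lan src 10.10.0.0/24

# What they may reach: a leading dot makes dstdomain match the domain
# itself and every host below it (XXX.subdomain.com for any XXX).
acl allowed_sites dstdomain .subdomain.com

# Limit ports and the CONNECT method so the proxy cannot be used as a
# generic TCP tunnel, even towards an allowed host name.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom; the first match decides.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow lan allowed_sites
http_access deny all
```

The restriction only holds if LAN clients are configured to use the proxy and the box does not also forward their traffic from eth1 to eth0 directly. Because the match is on the requested host name rather than an IP address, it keeps working when the site's addresses change.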
 
  


All times are GMT -5. The time now is 11:24 AM.
