LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   IP Tables, How to block range of ip address from ip table (http://www.linuxquestions.org/questions/linux-software-2/ip-tables-how-to-block-range-of-ip-address-from-ip-table-947696/)

gash 05-31-2012 01:57 AM

IP Tables, How to block range of ip address from ip table
 
Hi, chillispot
Im using chillispot software and for that using UBUNTU server my problem is
eth0 connected to Internal Network
eth1 connected to WIFI Router

chillipoint clients are accessing internet throw wifi... but they can able to access out internal network also, i want to prevent internal network immediately.

in ip table
iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP
from this command i can block one ip but i want to block entire ip to block access from external clients other then gateway
(192.168.1.1)

Please help me out its urgent me to block and prevent accessing those wifi clients to our internal network

all kind of helps highly appriciated

Refractor 05-31-2012 02:16 AM

Greetings, you could try something like
Code:

iptables -i eth1 -d 192.168.1.0/24 -j DROP
This will drop everything coming from the interface connected to the wifi router and going to the internal network.

gash 05-31-2012 05:05 AM

hi .... thanks for your reply,
if i do that it'll block gateway also if it happen those clients cant able to talk with gateway...

and i'm really not sure wheather clients need to talk with gateway for username password verification and access adsl

thanks again looking some more solution help me pls

fukawi1 05-31-2012 05:25 AM

Code:

~ $ iptables -m iprange --help
iprange match options:
[!] --src-range ip[-ip]    Match source IP in the specified range
[!] --dst-range ip[-ip]    Match destination IP in the specified range


Refractor 05-31-2012 09:05 AM

Well if you
Code:

iptables -A INPUT -i eth1 -d 192.168.1.1 -j ACCEPT
before the
Code:

iptables -A INPUT -i eth1 -d 192.168.1.0/24 -j DROP
it will allow packets to go to the gateway and not the internal network. The other way is to use the iprange module, but if you're using an embedded system like openwrt, chances are you don't have that one.


All times are GMT -5. The time now is 11:56 AM.