LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 05-31-2012, 12:57 AM   #1
gash
LQ Newbie
 
Registered: Feb 2012
Posts: 5
Blog Entries: 1

Rep: Reputation: Disabled
IP Tables, How to block range of ip address from ip table


Hi, chillispot
Im using chillispot software and for that using UBUNTU server my problem is
eth0 connected to Internal Network
eth1 connected to WIFI Router

chillipoint clients are accessing internet throw wifi... but they can able to access out internal network also, i want to prevent internal network immediately.

in ip table
iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP
from this command i can block one ip but i want to block entire ip to block access from external clients other then gateway
(192.168.1.1)

Please help me out its urgent me to block and prevent accessing those wifi clients to our internal network

all kind of helps highly appriciated
 
Old 05-31-2012, 01:16 AM   #2
Refractor
Member
 
Registered: Oct 2008
Location: Rousse, Bulgaria
Distribution: Slackware
Posts: 89

Rep: Reputation: 22
Greetings, you could try something like
Code:
iptables -i eth1 -d 192.168.1.0/24 -j DROP
This will drop everything coming from the interface connected to the wifi router and going to the internal network.
 
Old 05-31-2012, 04:05 AM   #3
gash
LQ Newbie
 
Registered: Feb 2012
Posts: 5
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
hi .... thanks for your reply,
if i do that it'll block gateway also if it happen those clients cant able to talk with gateway...

and i'm really not sure wheather clients need to talk with gateway for username password verification and access adsl

thanks again looking some more solution help me pls
 
Old 05-31-2012, 04:25 AM   #4
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 189Reputation: 189
Code:
~ $ iptables -m iprange --help
iprange match options:
[!] --src-range ip[-ip]    Match source IP in the specified range
[!] --dst-range ip[-ip]    Match destination IP in the specified range
 
1 members found this post helpful.
Old 05-31-2012, 08:05 AM   #5
Refractor
Member
 
Registered: Oct 2008
Location: Rousse, Bulgaria
Distribution: Slackware
Posts: 89

Rep: Reputation: 22
Well if you
Code:
iptables -A INPUT -i eth1 -d 192.168.1.1 -j ACCEPT
before the
Code:
iptables -A INPUT -i eth1 -d 192.168.1.0/24 -j DROP
it will allow packets to go to the gateway and not the internal network. The other way is to use the iprange module, but if you're using an embedded system like openwrt, chances are you don't have that one.
 
  


Reply

Tags
iptables


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Error!! str2addr:Address 35 outside range of address field length 1 !!! MounaRM Linux - Networking 1 05-12-2011 11:32 PM
ERROR 1146: Table 'information_schema.tables' doesn't exist neverland Linux - Server 3 07-15-2010 02:59 PM
How to route using my own custom routing tables and not the Kernel's table WhiskeyTangoFoxtrot Linux - Networking 1 03-17-2009 10:03 AM
Is it possible to block text strings with IP tables? abefroman Linux - Security 27 06-29-2005 05:36 PM
Setting ip tables to block all traffic LinuxBAH Linux - Security 1 02-07-2004 06:15 AM


All times are GMT -5. The time now is 04:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration