IP Tables, How to block range of ip address from ip table

gash · 05-31-2012, 12:57 AM

Hi, chillispot
Im using chillispot software and for that using UBUNTU server my problem is
eth0 connected to Internal Network
eth1 connected to WIFI Router

chillipoint clients are accessing internet throw wifi... but they can able to access out internal network also, i want to prevent internal network immediately.

in ip table
iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP
from this command i can block one ip but i want to block entire ip to block access from external clients other then gateway
(192.168.1.1)

Please help me out its urgent me to block and prevent accessing those wifi clients to our internal network

all kind of helps highly appriciated

Refractor · 05-31-2012, 01:16 AM

Greetings, you could try something like

Code:

iptables -i eth1 -d 192.168.1.0/24 -j DROP

This will drop everything coming from the interface connected to the wifi router and going to the internal network.

gash · 05-31-2012, 04:05 AM

hi .... thanks for your reply,
if i do that it'll block gateway also if it happen those clients cant able to talk with gateway...

and i'm really not sure wheather clients need to talk with gateway for username password verification and access adsl

thanks again looking some more solution help me pls

fukawi1 · 05-31-2012, 04:25 AM

Code:

~ $ iptables -m iprange --help
iprange match options:
[!] --src-range ip[-ip]    Match source IP in the specified range
[!] --dst-range ip[-ip]    Match destination IP in the specified range

Refractor · 05-31-2012, 08:05 AM

Well if you

Code:

iptables -A INPUT -i eth1 -d 192.168.1.1 -j ACCEPT

before the

Code:

iptables -A INPUT -i eth1 -d 192.168.1.0/24 -j DROP

it will allow packets to go to the gateway and not the internal network. The other way is to use the iprange module, but if you're using an embedded system like openwrt, chances are you don't have that one.