Allow only a subdomain in firewall
Hi,
I have a CentOS 5.5 box with 2 interfaces (WAN & LAN) and am trying to configure the firewall so that LAN users can browse XXX.subdomain.com (where XXX can be anything), nothing else. I googled the whole day but no luck. Any help will be appreciated. Thanks, Murad
This is not a firewall's job. It deals with IP addressing, NOT domain names. Not surprising you didn't find anything.
Whilst it is occasionally possible to have firewalling systems that can utilize some elements of DNS, it is not viable to rely on DNS lookups to permit firewall connections, as the overhead and latency are vast and the reliability is poor.
Hi Chris,
Thanks for your quick reply. Could you please help me with how I can do that? Is there any possible way? Regards, Murad
What do you mean by "browse a domain"? If this is web traffic, then that's what an HTTP proxy is for. Anything else, you need to write more informative and detailed posts about your situation.
OK, let me explain. As I said before, my Linux server has 2 interface cards: eth0 for WAN and eth1 for LAN (10.10.0.0/24); a DHCP server is enabled on the eth1 interface. Now the situation is that I want to configure the Linux server in such a way that any node inside the LAN (for example 10.10.10.254) can only access XXX.subdomain.com. If it wants to access, say for example, www.google.com, it will be rejected.
Hope the situation is now clear. Thanks again, Murad
Well, that's not really any more use, but I'll assume you do mean HTTP traffic. So use a proxy, like Squid.
A proxy is the best way for sure.
If you don't care about using the server for other outgoing traffic and "XXX.subdomain.com" has a fixed IP address range (for example "188.40.138.0/24"), you could restrict the traffic with an OUTPUT rule:
Code:
iptables -A OUTPUT -o eth0 ! -d 188.40.138.0/24 -j REJECT
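Added example, not code from any poster in the thread. The OUTPUT rule above only governs connections the gateway itself opens; packets from LAN hosts that the box routes out through eth0 pass through the FORWARD chain instead, so a rule for the OP's two-NIC setup has to live there. The script below generates (or, with IPT=iptables as root, applies) a FORWARD ruleset that lets the LAN reach only one destination range, plus the Squid ACL fragment the other replies point to, so that the site is matched by name rather than by address. Interface names eth0/eth1 and the 10.10.0.0/24 LAN come from the thread; the 188.40.138.0/24 range is the hypothetical example quoted above and must be replaced with the real range; the .subdomain.com placeholder stands for the real domain; the DNS exception is an assumption about how the LAN resolves names and can be dropped if the gateway runs its own resolver.

```shell
#!/bin/sh
# Added example: restrict forwarded LAN -> WAN traffic on a two-NIC gateway
# to one destination range, and the matching Squid ACL for by-name filtering.
# Assumptions (hypothetical defaults, override via environment):
#   WAN_IF=eth0  LAN_IF=eth1  LAN_NET=10.10.0.0/24  ALLOWED=188.40.138.0/24
# IPT defaults to "echo iptables" so the rules are printed, not applied.
# Run as root with IPT=iptables to actually install them.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-10.10.0.0/24}"
ALLOWED="${ALLOWED:-188.40.138.0/24}"
ALLOW_DNS="${ALLOW_DNS:-1}"   # assumption: LAN clients use an external resolver

lan_only_forward_rules() {
    # Default-deny for routed traffic; everything below is an explicit exception.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Replies to connections the LAN opened may come back in.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New connections from the LAN are accepted only towards the allowed range.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -d "$ALLOWED" \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Optional: let clients resolve names, otherwise the allowed site is unreachable
    # by hostname (only needed when the gateway is not itself the DNS server).
    if [ "$ALLOW_DNS" = 1 ]; then
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    fi

    # Everything else from the LAN is refused with an ICMP error rather than
    # silently dropped, so browsers fail fast instead of hanging.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -j REJECT --reject-with icmp-net-prohibited

    # NAT the LAN behind the WAN address (the gateway already routes for the LAN).
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

squid_acl_snippet() {
    # Squid matches the request's Host, so "XXX.subdomain.com" can be allowed by
    # name: a leading dot in dstdomain matches the domain and every subdomain.
    cat <<EOF
acl lan src ${LAN_NET}
acl allowed_site dstdomain .subdomain.com
http_access allow lan allowed_site
http_access deny all
EOF
}

lan_only_forward_rules
squid_acl_snippet
```

With the proxy in place, the FORWARD rules can be tightened further so the LAN may reach only the gateway's Squid port and nothing on the WAN directly; otherwise a client can bypass the proxy by connecting straight to the allowed range. Remember that CentOS 5 loads rules from /etc/sysconfig/iptables at boot, so either save the applied ruleset there (service iptables save) or call this script from an init hook.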