LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-25-2010, 01:21 PM   #1
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Rep: Reputation: 15
Block Web Access With Iptables


Hi,

Just wondering if it is possible to block web access on a certain ip address with iptables.

Iv seen guides for blocking web traffic on a whole network but i want to just block a single host from accessing the web.

Thanks
 
Old 04-25-2010, 01:55 PM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
Code:
iptables -A OUTPUT  -j DROP -p tcp --dport 80 -s 192.168.1.65 -o eth0
obviously change the ip address.
You may want to add a similar rule for port 443 which is the https port.
Also make sure the ethX is correct for your system.

Last edited by smoker; 04-25-2010 at 01:57 PM.
 
Old 04-25-2010, 02:00 PM   #3
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Thank you very much for this.
 
Old 04-26-2010, 01:45 PM   #4
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
I tried running this but it didnt work.

I have an ubuntu 9.10 vm set up as a router.

The host os is xp. I tried blocking web access on the host os but no joy.

Here is my setup.

adsl router: 192.168.1.254

ubuntu:

eth0: 192.168.1.1

eth1: 192.168.0.1

xp: 192.168.0.2 - gateway 192.168.0.1

any ideas why this wont work. The command works if i just try to block web access on ubuntu but not on the xp host.
 
Old 04-26-2010, 02:13 PM   #5
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
Which ip address did you use in the command ?
 
Old 04-26-2010, 02:15 PM   #6
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
In the command i used 192.168.0.2.

I tried -o eth0 and eth1
 
Old 04-26-2010, 02:49 PM   #7
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
Use the xp gateway address in the -s . Whichever ethX connects to your router use as the -o ethX
 
Old 04-26-2010, 02:52 PM   #8
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Wont this just block web access on everything?

Should have said this but i also connect an xp laptop to my network.

its ip is 192.168.0.3 gateway 192.168.0.1
 
Old 04-26-2010, 02:58 PM   #9
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
can you successfully block the laptop ?
 
Old 04-26-2010, 03:03 PM   #10
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Nope. Tried the laptop but the same, no joy
 
Old 04-26-2010, 03:10 PM   #11
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
If you block the gateway address 192.168.0.1 does it block both the xp machines ?
 
Old 04-26-2010, 03:16 PM   #12
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
No, this is strange. Here is the command i entered:

Code:
sudo iptables -A OUTPUT -j DROP -p tcp --dport 80 -s 192.168.0.1 -o eth0
 
Old 04-26-2010, 03:30 PM   #13
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
I don't think the xp machines are using the gateway that you think they are.
If you block the ubuntu address, do the xp machines lose connection too ?
 
Old 04-26-2010, 03:35 PM   #14
mossy464
Member
 
Registered: Jan 2008
Posts: 55

Original Poster
Rep: Reputation: 15
Nope when i block the ubuntu machine from accessing the web i can still access the web on the windows machines.

I have checked ipconfig on both windows machines to make sure the gateway is 192.168.0.1 and it is.

One thing though. I have the DNS server set to 192.168.1.254 as this is the only way i could get the internet to work on the xp machines.

Would this affect the iptables rule?
 
Old 04-26-2010, 03:56 PM   #15
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
On the ubuntu machine run this
Code:
iftop -nP -f "port 80"
and access the web using an xp machine.
See which ip is doing the accessing.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
BLOCK any web site ( IPTABLES ) barcaalep Linux - Networking 5 10-13-2008 05:26 AM
BLOCK any web site ( IPTABLES ) barcaalep Linux - Security 2 10-08-2008 02:18 PM
trying to block users from accessing web site with iptables Histamine Linux - Security 2 08-10-2007 09:36 AM
trying to block user from accessing external web site with iptables Histamine Linux - Networking 1 08-10-2007 08:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration