05-02-2006, 03:00 AM
|
#1
|
LQ Newbie
Registered: May 2006
Posts: 2
Rep:
|
How do I block certain LAN IPs from accessing the Internet?
Good day,
I'm currently using Red Hat 9 as my internet gateway. I used simple IP masquerading scripts to enable the internet sharing function. Now, I would like to block certain LAN IPs (static LAN IPs) from accessing my internet and enable only certain websites to be accessed by my client machines. How can I do this in Red Hat 9? I hope someone can guide and assist me on this.
Thank you.
|
|
|
05-02-2006, 03:14 AM
|
#2
|
LQ Newbie
Registered: Apr 2006
Posts: 11
Rep:
|
For blocking certain IPs you can use iptables/ipchains...
But for filtering URLs, use any URL filtering software.
|
|
|
05-03-2006, 09:54 PM
|
#3
|
LQ Newbie
Registered: May 2006
Posts: 2
Original Poster
Rep:
|
Thanks for the reply, baboooss... but maybe you can help me with the script for iptables/ipchains. I used the script below to configure my internet sharing:
------------------------------------------------------------------------------------
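#!/bin/sh
iptables=/sbin/iptables
# Clear existing NAT rules
$iptables --flush -t nat
# Masquerade traffic leaving via eth1
$iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# Forward everything arriving on eth0
$iptables --append FORWARD --in-interface eth0 -j ACCEPT
# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward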
------------------------------------------------------------------------------------
I shall also be grateful if you could suggest some URL filtering software for Red Hat 9/Linux.
Thank you.
|
|
|
05-04-2006, 12:11 AM
|
#4
|
Member
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227
Rep:
|
Quote:
Originally Posted by asoka_ajay
#!/bin/sh
iptables=/sbin/iptables
$iptables --flush -t nat
$iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
$iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
|
Hey, that's easy. Say, for example, you want to explicitly allow IP 192.168.1.2 to access only www.google.com and you want 192.168.1.3 to have full access to the internet.
So the rules are as follows.
Quote:
iptables -t nat -I POSTROUTING -s 192.168.1.2 -o eth1 -d www.google.com -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.3 -o eth1 -j MASQUERADE
iptables -I FORWARD -i eth0 -o eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
|
That's all. Now just change the default gateway and DNS on your client machine to point to the firewall machine's IP address. All other clients on your LAN will not be able to access the internet until you explicitly add the rule in iptables.
|
|
|
05-04-2006, 02:55 AM
|
#5
|
Red Hat India
Registered: Nov 2004
Location: Kerala/Pune,india
Distribution: RedHat, Fedora
Posts: 260
Rep:
|
Hello asoka_ajay,
To deny certain machines from accessing your internet connection, I think you could use the output chain in the gateway.
#iptables -A OUTPUT -s 'IP of the internal machine' -d 0/0 -p tcp -j REJECT ,
To reject certain sites from the client machines, you can add the rule.
#iptables -A OUTPUT -s 'IP of the internal machine' -d 'URL of the site' -p tcp -j REJECT.
Please reply if this doesn't work. If so, reply with more details.
Thanks,
|
|
|
05-04-2006, 03:44 AM
|
#6
|
Member
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227
Rep:
|
This is not the correct way. He has set up a gateway firewall ROUTER.
Quote:
Originally Posted by vimal
Hello asoka_ajay,
To deny certain machines from accessing your internet connection, I think you could use the output chain in the gateway.
#iptables -A OUTPUT -s 'IP of the internal machine' -d 0/0 -p tcp -j REJECT ,
To reject certain sites from the client machines, you can add the rule.
#iptables -A OUTPUT -s 'IP of the internal machine' -d 'URL of the site' -p tcp -j REJECT.
Please reply if this doesn't work. If so, reply with more details.
Thanks,
|
Last edited by ~=gr3p=~; 05-04-2006 at 03:49 AM.
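An added example, not part of any post in this thread: on a gateway, traffic routed from LAN clients to the Internet traverses the FORWARD chain rather than OUTPUT, so per-client blocking belongs there. The sketch below prints an iptables-restore ruleset for the eth0 (LAN) / eth1 (Internet) layout of the thread's script; it takes destination IP addresses rather than hostnames because iptables resolves a hostname given to -d only once, when the rule is added. The function name, the blocked host 192.168.1.4, the 203.0.113.x destinations and the ACCEPT policies on INPUT and OUTPUT are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a NAT gateway
# (eth0 = LAN, eth1 = Internet, as in the thread's script).
LAN_IF=eth0
WAN_IF=eth1

# gen_ruleset BLOCKED RESTRICTED   (hypothetical helper)
#   BLOCKED:    space-separated LAN IPs that get no Internet access
#   RESTRICTED: space-separated "lan_ip:dest_ip" pairs; each lan_ip may
#               reach only the destination IPs listed for it
gen_ruleset() {
    blocked=$1
    restricted=$2
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to connections that were allowed out
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for ip in $blocked; do
        echo "-A FORWARD -i $LAN_IF -s $ip -j REJECT"
    done
    seen=""
    for pair in $restricted; do
        src=${pair%%:*}
        dst=${pair#*:}
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $src -d $dst -j ACCEPT"
        # Remember each restricted source once for its catch-all REJECT
        case " $seen " in *" $src "*) ;; *) seen="$seen $src" ;; esac
    done
    for src in $seen; do
        echo "-A FORWARD -i $LAN_IF -s $src -j REJECT"
    done
    # Every other LAN host keeps full access
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "COMMIT"
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
}

# Constructed sample: 192.168.1.4 blocked; 192.168.1.2 limited to one
# documentation address (203.0.113.10); all other hosts unrestricted.
gen_ruleset "192.168.1.4" "192.168.1.2:203.0.113.10"
```

Review the printed ruleset before piping it to /sbin/iptables-restore as root; loading it replaces the existing filter and nat tables.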