how to make connections?

onzi · 05-15-2012, 11:12 PM

http://i.imgur.com/E7IZu.jpg

Hallo everyone
Here on the picture are 3 PCs.

Default policy to DROP for all chains. Start each connectionless be initialized respectively by
PC1, PC2 or PC3 in the specified instructions.
PC1 can make contact with the PC3, but can not make the connection to PC2.
Being able to connect to abv.bg, but can not to dir.bg.
PC2 can make the connection to PC1. Being able to connect to abv.bg, but can not to dir.bg
PC3 can not make the connection to PC1. Being able to connect to dir.bg, but can not to abv.bg

can someone help me with the algorithm?

nini09 · 05-16-2012, 02:24 PM

The route can be used between PC, such as PC1 and PC2. The policy is used to control particular service, such as abv.bg.

onzi · 05-17-2012, 05:40 AM

What do you mean? I just need IP tables command in linux to do with the above conditions

nikmit · 05-17-2012, 08:12 AM

Permitting connectons between PCs is not complicated.

Code:

iptables -A FORWARD -s PC1.ip.here -d PC3.ip.here -j ACCEPT
iptables -A FORWARD -s PC3.ip.here -d PC1.ip.here -m state --state RELATED, ESTABLISHED -j ACCEPT
iptables -A FORWARD -s PC3.ip.here -d PC1.ip.here -j DROP

That would be the principle, you can apply it to networks or drill down to protocols/ports, and repeat for all client combinations.

Controlling access to websites can be done better with a transparent or authenticated squid proxy.
You could try and do it in iptables but I suspect the results will not be as good.

Code:

-A FORWARD -s PC1.ip.here -p tcp -m tcp --dport 80 -m string --algo bm --string "dir.bg" -j REJECT

nini09 · 05-17-2012, 02:30 PM

I means that if you want to control entire network, such as between PC, it is simple to use route instead of policy.

onzi · 05-19-2012, 05:36 AM

Can you tell me, how to do that step by step, cause I have never used Linux before.
I mean, where should I write the IP tables command.