LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-24-2004, 03:17 PM   #1
rootyard
Member
 
Registered: Aug 2003
Posts: 167

Rep: Reputation: 30
IPTables Question


I need to do the following on my Slackware box:

I need to be able to forward the following:

traffic on port 80 to 172.10.10.81
traffic on port 110 to 172.10.10.66
traffic on port 22 to 172.10.10.5

I need to be able to block the following domains from users within my LAN:

uproar.com
mail.yahoo.com

I need to disallow the following range of users from accessing the web:

172.10.6.101/199

I need to allow this range to access the web:

172.10.6.201/229

I need to block the following range of ports to ANY machine on my LAN from the web:

23 to 79


Can anyone tell me how this is done with IPTables?
 
Old 06-24-2004, 04:31 PM   #2
ToniT
Senior Member
 
Registered: Oct 2003
Location: Zurich, Switzerland
Distribution: Debian/unstable
Posts: 1,357

Rep: Reputation: 47
You could read the fine manuals around the world regarding to iptables
(there is also one in linuxquestions.org tutorial section, and comprehensive ones in www.netfilter.org)

1.
Code:
iptables -t nat -A PREROUTING --destination your.ip.address --destination-port 80 --jump DNAT --to-destination 172.10.10.81
etc...
2.
Code:
iptables -A FORWARD --destination uproar.com -j REJECT --reject-with icmp-admin-prohibited
and same to the other place. Also you can use DROP, if you don't want to be nice admin.

3.
Why do you want to use so unround numbers? How about
disallowing 64-127 and allowing 128-159?
This can be archived by
Code:
iptables -A FORWARD -p tcp --source 172.10.6.64/26 --destination-port 80 -j REJECT --reject-with icmp-admin-prohibited
iptables -A FORWARD -p tcp --source 172.10.6.128/27 --destination-port 80 -j ACCEPT
You can use those ranges you suggested, but then you have to fight with them.
eg. for the the 101-199 range you have to repeat that command
with values: 172.10.6.101/32,172.10.6.102/31,172.10.6.104/29, 172.10.6.112/28, 172.10.6.128/26 and 172.10.6.192/29.


4.
iptables -A FORWARD -p tcp -i yourINETInterface --destination-port 23:79 -j DROP

Last edited by ToniT; 06-24-2004 at 04:33 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables question iomari Linux - Security 4 01-13-2005 12:14 AM
Iptables Question? unixfreak Linux - Security 1 09-01-2004 08:23 PM
iptables Question gauge73 Linux - Networking 3 12-14-2003 12:02 AM
IPtables Question jacovds Linux - Security 10 11-17-2003 09:46 AM
iptables question Texicle Slackware 7 01-19-2003 12:48 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration