LinuxQuestions.org


extremebfn 09-01-2004 03:17 PM

Questions Questions Questions
 
CURRENT SETUP:
===========

I have 2 networks at work. Let's name them NetworkA and NetworkB.
NetworkA has an ADSL Router. Both Networks use the router for internet.

NetworkA: 192.168.35.X (8 PC's)
NetworkB: 192.168.35.X (20 PC's)
GATEWAY: 192.168.35.1 (ADSL Router)

Ok....all PC's on NetworkA connect to a hub (obviously), and the same with NetworkB. The 2 hubs ARE Connected VIA a UTP Cable to link the 2 networks. OK....now some users on NetworkB MAY NOT have internet Access, so I want to only allow traffic to NetworkA for Authorised users.


WHAT I WANT TO DO:
===============

I want to place a "RED HAT 9" Box between the 2 networks...this will be done by using 2 NIC's, one for the UTP Cable of NetworkA and the other for the UTP Cable for NetworkB. I think this is the right way? Hope so.....

Anyways: The Linux box must default to DROP all Traffic...and only allow access to certain IP's. I think the command to DROP all Traffic is:

iptables -P INPUT DROP

So now I must add rules for EACH IP that can be allowed to Enter NetworkA and get access to the internet.

I'm a newbie in linux, and I have read many HOWTo's: Most commands do not work and most stuff I don't understand. I don't think that what I want to do is that hard....so if ANYBODY can help me....please do........

I want the commands and code for :

IP FORWARDING --> I think I'm going to use this, right?
IP TABLES --> To set up Rules Ex: ALLOW TRAFFIC FROM 192.168.35.20

All allowed traffic must be able to go to the ADSL Router (192.168.35.1) and access the gateway.


PLEASE HELP..............................................
THANKS!!

ppuru 09-02-2004 01:33 AM

Quote:

I'm a newbie in linux, and I have read many HOWTo's: Most commands do not work and most stuff I don't understand. I don't think that what I want to do is that hard..
I would recommend you try to write a firewall script, post it here. We will help you out with the problems that you might encounter. It will be really dangerous to have a firewall script and not know what it does.

So if you write a script all by yourself first and then modify it with the suggestions of this forum, you would have better control over your network and the traffic that is moving in and out of it.


Not wanting to sound philosophical ...
... if you give a fish to a hungry (wo)man, (s)he would be happy for that day, if you teach h(er)im how to fish .... (s)he would be happy for ever.

extremebfn 09-02-2004 02:22 AM

That does NOT help one bit.

maxut 09-02-2004 04:28 AM

All of your networks are in the same subnet, right?
192.168.35.0/255.255.255.0 ?

At least you must move the ADSL router to another segment, so Linux will be able to work as a router. You don't have to change network A and B. You can block them through their IP or MAC address.

imagine like this:

adsl-----(eth1) linux (eth0)-----switches/hubs----clients.

ppuru 09-02-2004 05:39 AM

Oh well, just trying to help you help yourself....

Quote:

IP FORWARDING --> I think I'm going to use this, right?
IP TABLES --> To set up Rules Ex: ALLOW TRAFFIC FROM 192.168.35.20
Edit /etc/sysctl.conf and add the entry
net.ipv4.ip_forward = 1

Run sysctl -p to enable forwarding.

Here is a very basic script you can build upon.

Code:

#!/bin/sh
# Firewall script
# Assumes eth1 faces the LAN hosts to be filtered and eth0 faces the ADSL router.

IPT=/sbin/iptables

# Default deny stance; allowing filter-free OUTPUT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP

# Flush entries, zero counters.
$IPT -t filter -F
$IPT -t nat -F
$IPT -X
$IPT -Z

# Allow local traffic, and replies to connections the box itself opened
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Forwarding - only for 192.168.35.20
# Let replies to already-allowed connections come back through the DROP policy
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Block all other IPs from accessing the internet, then accept what is left
# (without the ACCEPT the FORWARD policy of DROP would discard .20 as well)
$IPT -A FORWARD -i eth1 -s ! 192.168.35.20 -j REJECT
$IPT -A FORWARD -i eth1 -o eth0 -j ACCEPT

# Masquerading on the outside interface (POSTROUTING matches with -o, not -i)
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE


extremebfn 09-02-2004 11:29 AM

Hi. Thanks for your help....See, I'm so down because I really TRIED to get it working on my own, and I didn't succeed :) That's why I need people to help me now.

# Block a IPs from accesing the internet
$IPT -A FORWARD -i eth1 -s ! 192.168.35.20 -j REJECT

The above: will this only block the IP 192.168.35.20? But where do I ADD the IP's I want to ALLOW?

Won't it be better to BLOCK ALL Traffic and only Allow, let's say, 192.168.35.10 and 192.168.35.11? How would the Firewall for that look like? Can I just later ADD all the IP's I want to Allow?

Thanks again...I really need this to work.

ppuru 09-03-2004 12:15 AM

Quote:

# Block a IPs from accesing the internet
$IPT -A FORWARD -i eth1 -s ! 192.168.35.20 -j REJECT

The above: will this only block the IP 192.168.35.20? But where do I ADD the IP's I want to ALLOW?
The above rule will block all traffic except the ones originating from 192.168.35.20.

-s ! 192.168.35.20 means source IP is not 192.168.35.20.

Quote:

Allow, let's say, 192.168.35.10 and 192.168.35.11. How would the Firewall for that look like? Can I just later ADD all the IP's I want to Allow?
You can either keep adding the rules like

# One ACCEPT per allowed host, then reject everyone else from that interface.
# (Stacking several "-s ! host -j REJECT" rules would not work: the first of
# them already rejects every host except its own, so nobody gets through.)
$IPT -A FORWARD -i eth1 -s 192.168.35.10 -j ACCEPT
$IPT -A FORWARD -i eth1 -s 192.168.35.11 -j ACCEPT
$IPT -A FORWARD -i eth1 -s 192.168.35.21 -j ACCEPT
$IPT -A FORWARD -i eth1 -j REJECT

OR

take it a step further and create a new chain as in
http://www.linuxquestions.org/questi...615#post990615

That is,

$IPT -N privileged
$IPT -A privileged -s 192.168.35.20 -j RETURN
$IPT -A privileged -s 192.168.35.11 -j RETURN
$IPT -A privileged -s 192.168.35.10 -j RETURN
# ... and so on, one RETURN rule per allowed host
$IPT -A privileged -j REJECT

and

$IPT -A FORWARD -i eth1 -j privileged
# Hosts that RETURN from the privileged chain land here and are accepted;
# without this rule the FORWARD policy of DROP would still discard them.
$IPT -A FORWARD -i eth1 -j ACCEPT
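The whitelist-chain approach from the last two posts, as a complete script added here (example code, not the poster's own). It assumes eth1 faces the NetworkB hosts, eth0 faces the ADSL router, and a constructed allow list; DRYRUN=1 prints the rules instead of applying them, which is also how it can be checked without root.

```shell
#!/bin/sh
# Added example: default-deny forwarding firewall with a "privileged" whitelist chain.
# Assumed interfaces (adjust to your box): eth1 = filtered LAN side, eth0 = ADSL side.
LAN=${LAN:-eth1}
WAN=${WAN:-eth0}
# Constructed allow list of hosts permitted to reach the ADSL router.
ALLOWED="192.168.35.10 192.168.35.11 192.168.35.20"

# ipt: apply a rule with iptables, or only print it when DRYRUN=1
ipt() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        /sbin/iptables "$@"
    fi
}

build_firewall() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -F; ipt -t nat -F; ipt -X; ipt -Z
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Replies to connections the allowed hosts opened must pass the DROP policy.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Whitelist chain: allowed hosts RETURN, everyone else is logged and rejected.
    ipt -N privileged
    for ip in $ALLOWED; do
        ipt -A privileged -s "$ip" -j RETURN
    done
    ipt -A privileged -j LOG --log-prefix "FW-DENIED: "
    ipt -A privileged -j REJECT
    ipt -A FORWARD -i "$LAN" -j privileged
    # Hosts that returned from the chain are accepted towards the ADSL side only.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# dry_run_rules: the exact rule list the script would apply, one per line
dry_run_rules() { ( DRYRUN=1; build_firewall ); }

# count_rules: number of iptables commands issued (18 for the list above)
count_rules() { dry_run_rules | wc -l | tr -d ' '; }

# Preview with DRYRUN=1; apply as root by setting FW_APPLY=1.
if [ "${FW_APPLY:-0}" = 1 ]; then build_firewall; fi
```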

