LinuxQuestions.org
Old 07-27-2008, 06:34 PM   #1
tallmtt
Member
 
Registered: Jun 2005
Location: Georgia, USA
Distribution: Arch, Gentoo, Ubuntu
Posts: 91

Rep: Reputation: 15
Shorewall help needed to send an ip only to a specific address


I have set up a firewall on my server/router and would like to send anyone with a specific IP (such as 192.168.1.130) to my firewall (running apache - with IP 192.168.1.1) when they attempt to access the internet (but everyone else with other IPs could continue on to the internet).

I am confused with the terminology. I am using webmin with shorewall. I think under rules, I need my loc zone with the specific IP address to either REDIRECT or DNAT to another IP, but the phrasing is unhelpful in the documentation.

Any and all help is appreciated! Thanks.

FYI: My zones are "loc" for inner network, "net" for internet, and "fw" for firewall.
 
Old 07-29-2008, 03:29 AM   #2
jomen
Senior Member
 
Registered: May 2004
Location: Leipzig/Germany
Distribution: Arch
Posts: 1,687

Rep: Reputation: 54
All traffic is flowing through the firewall - else it would be useless.
The firewall's rules are applied to that traffic.
You want to block specific IP's inside your LAN from making outgoing connections to the internet while allowing all others to do that?

Maybe rephrasing it this way helps?
 
Old 07-30-2008, 10:13 AM   #3
tallmtt
Member
 
Registered: Jun 2005
Location: Georgia, USA
Distribution: Arch, Gentoo, Ubuntu
Posts: 91

Original Poster
Rep: Reputation: 15
The more lengthy story is that I have split my network in the dhcpd.conf file with specific IP's given to trusted hosts (via MAC addresses), and for all other clients I want to provide a non-encrypted network that goes to one site - on my firewall.

I do not want them to reach the Internet!

So as you said...

Quote:
You want to block specific IP's inside your LAN from making outgoing connections to the internet while allowing all others to do that?
Yes.

Thanks for having me clarify - hopefully it helps
 
Old 08-02-2008, 10:47 PM   #4
tallmtt
Member
 
Registered: Jun 2005
Location: Georgia, USA
Distribution: Arch, Gentoo, Ubuntu
Posts: 91

Original Poster
Rep: Reputation: 15

I still have been unable to solve this - Anyone with any ideas?
 
Old 08-03-2008, 01:52 AM   #5
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 61
Do you want to only redirect port 80/443 (HTTP/HTTPS) traffic? What do you want to occur for all other TCP/IP traffic for the restricted clients?
 
Old 08-05-2008, 06:27 PM   #6
tallmtt
Member
 
Registered: Jun 2005
Location: Georgia, USA
Distribution: Arch, Gentoo, Ubuntu
Posts: 91

Original Poster
Rep: Reputation: 15
If someone could direct me in how to redirect ports 80/443 I could figure out how to add/change anything in the future.

For now, just redirecting ports 80 and 443 would be sufficient to help me out - thanks
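
An added example, not part of any post in this thread: one way to express the request in /etc/shorewall/rules. It assumes the zone names from post #1 (loc, net, fw), the restricted client 192.168.1.130, and Apache listening on ports 80 and 443 on the firewall itself.

```conf
# /etc/shorewall/rules (added example; addresses and ports are assumptions
# taken from the thread: client 192.168.1.130, Apache on the firewall)
#
# For REDIRECT, the DEST column is the local port on the firewall that the
# connection is rewritten to, not a zone. The rewrite happens before routing,
# so it applies whatever Internet address the client was trying to reach.
#
#ACTION    SOURCE               DEST    PROTO   DEST PORT(S)
REDIRECT   loc:192.168.1.130    80      tcp     80
REDIRECT   loc:192.168.1.130    443     tcp     443

# Everything else from the restricted client toward the Internet is refused,
# so only the two redirected services remain usable. Hosts not matched here
# keep following the normal loc -> net policy.
REJECT     loc:192.168.1.130    net     all

# Notes:
# - A redirected HTTPS connection is answered with Apache's own certificate,
#   so browsers will report a name mismatch for the site originally requested.
# - The client still needs name resolution before it sends any HTTP request;
#   with the REJECT rule above, that has to come from a resolver on the
#   firewall or LAN, since DNS queries to the Internet are refused as well.
# - To cover a DHCP range of untrusted clients rather than one host, the
#   SOURCE column also accepts a subnet, e.g. loc:192.168.1.128/25
#   (constructed example range, not from the thread).
```

Running `shorewall check` before `shorewall restart` validates the rules file without touching the running firewall.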
 
  


All times are GMT -5. The time now is 12:32 PM.
