Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free. |
|
 |
05-03-2010, 02:54 PM
|
#1
|
|
LQ Newbie
Registered: May 2010
Posts: 2
Rep: 
|
iptables drop or forward host
Hello all,
how can i drop or forward a incoming connection from a part of a host like *.alicedsl.de
for example:
the user is connection from *.alicedsl.de on port 12345
so how can i drop this connection or forward to google.com on port 80
Best regards,
Michael
P.S: sorry ma poor english
|
|
|
|
|
05-03-2010, 02:56 PM
|
#2
|
|
Senior Member
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833
Rep: 
|
Even if you use a hostname iptables resolves it at original execution time to a ip address... so this wouldn't work. You would need to be using squid or dnsguardian to achieve this functionality.
|
|
|
|
|
05-03-2010, 04:17 PM
|
#3
|
|
Senior Member
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,275
Rep:
|
Quote:
Originally Posted by rweaver
Even if you use a hostname iptables resolves it at original execution time to a ip address... so this wouldn't work. You would need to be using squid or dnsguardian to achieve this functionality.
|
Would adding the IP and domain in /etc/hosts help ?
If this works, Michael can use the below line to drop packet.
Code:
iptables -A INPUT -s X.X.X.X -p tcp --dport 12345 -j DROP
iptables -A INPUT -s X.X.X.X -p udp --dport 12345 -j DROP
service iptables save; service iptables restart
|
|
|
|
|
05-03-2010, 05:47 PM
|
#4
|
|
Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by JOOKER
Hello all,
how can i drop or forward a incoming connection from a part of a host like *.alicedsl.de
for example:
the user is connection from *.alicedsl.de on port 12345
so how can i drop this connection or forward to google.com on port 80
Best regards,
Michael
P.S: sorry ma poor english
|
If you know the IP(s) of the host(s) (and you're sure they won't change), use iptables. If, however, you need to stick to the address you posted, consider using the hosts.deny file. This would require that the service(s) you're trying to keep the host(s) away from has/have TCP Wrapper support of some kind.
Last edited by win32sux; 05-03-2010 at 05:49 PM.
|
|
|
|
|
05-03-2010, 11:39 PM
|
#5
|
|
LQ Newbie
Registered: May 2010
Posts: 2
Original Poster
Rep:
|
thank you all for you great help,
after read your posts, i have googled "host.deny" and this was the perfect solution for my problem.
@win32sux: unfortunately i don't know the IPs its a german dialup dsl provider (alicedsl.de).. and i wannt to block whole provider by hostname..
...whatever it works with host.deny
Thanks again for you help guys!
---
Best regards,
Michael
|
|
|
|
|
05-04-2010, 06:03 PM
|
#6
|
|
Senior Member
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833
Rep:
|
What you will want to do is find their netblock and use iptables to drop that entirely. Basically something like (although this may not be accurate mind)...
Code:
core:~# dig www.alicedsl.de
; <<>> DiG 9.5.1-P3 <<>> www.alicedsl.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28825
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.alicedsl.de. IN A
;; ANSWER SECTION:
www.alicedsl.de. 345460 IN A 85.183.254.1
;; AUTHORITY SECTION:
alicedsl.de. 234509 IN NS ns2.hansenet.de.
alicedsl.de. 234509 IN NS ns1.hansenet.de.
;; ADDITIONAL SECTION:
ns1.hansenet.de. 83836 IN A 213.191.73.65
ns2.hansenet.de. 85754 IN A 213.191.74.20
;; Query time: 29 msec
;; SERVER: 74.200.192.133#53(74.200.192.133)
;; WHEN: Tue May 4 17:53:57 2010
;; MSG SIZE rcvd: 126
core:~# whois -h whois.arin.net 85.183.254.1
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 85.0.0.0 - 85.255.255.255
CIDR: 85.0.0.0/8
NetName: 85-RIPE
NetHandle: NET-85-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2004-04-01
Updated: 2009-05-18
# ARIN WHOIS database, last updated 2010-05-03 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
Found a referral to whois.ripe.net:43.
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '85.176.0.0 - 85.183.255.255'
inetnum: 85.176.0.0 - 85.183.255.255
org: ORG-HTG2-RIPE
netname: DE-HANSENET-20041029
descr: PROVIDER Local Registry
descr: HanseNet Telekommunikation GmbH
country: DE
admin-c: DM3738-RIPE
tech-c: SA1375-RIPE
tech-c: TG819-RIPE
tech-c: ASZ-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: HANSENET-NOC
mnt-routes: HANSENET-MNT
source: RIPE # Filtered
organisation: ORG-HTG2-RIPE
org-name: HanseNet Telekommunikation GmbH
org-type: LIR
address: HanseNet Telekommunikation GmbH
Danny Maack
Ueberseering 33a
22297 Hamburg
GERMANY
phone: +49 40 23726 0
fax-no: +49 40 23726 193996
admin-c: DM3738-RIPE
mnt-ref: HANSENET-NOC
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
person: Danny Maack
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33 A
address: D-22297 Hamburg
address: GERMANY
phone: +49 40 237 26 0
fax-no: +49 40 237 26 3996
abuse-mailbox: abuse@hansenet.com
nic-hdl: DM3738-RIPE
mnt-by: HANSENET-MNT
source: RIPE # Filtered
person: Andreas Schwarz
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33a
address: 22297 Hamburg
address: Germany
phone: +49 40 23726 0
fax-no: +49 40 23726 3772
remarks: PGP/GPG Key ID 0x3C40103A
nic-hdl: ASZ-RIPE
mnt-by: ASZ-MNT
source: RIPE # Filtered
person: Thomas Graumann
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33 A
address: 22297 Hamburg
address: Germany
address: DE
phone: +49 40 23726 3294
fax-no: +49 4023726 3772
abuse-mailbox: abuse@hansenet.com
nic-hdl: TG819-RIPE
mnt-by: HANSENET-MNT
source: RIPE # Filtered
person: Svend Andersen
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33 A
address: D-22297 Hamburg
address: GERMANY
phone: +49 40 237 26 3235
fax-no: +49 40 237 26 3772
abuse-mailbox: abuse@hansenet.com
nic-hdl: SA1375-RIPE
mnt-by: HANSENET-NOC
source: RIPE # Filtered
% Information related to '85.176.0.0/13AS13184'
route: 85.176.0.0/13
descr: HANSENET
origin: AS13184
mnt-by: HANSENET-MNT
source: RIPE # Filtered
Which tells you basically that their ip range is 85.176.0.0 - 85.183.255.255 or 85.176.0.0/21 (8 class c blocks)... so you can block them by using an iptables rule like the following which will prevent all traffic to and from them:
Code:
iptables -A INPUT -s 85.176.0.0/21 -j DROP
iptables -A OUTPUT -d 85.176.0.0/21 -j DROP
ymmv, if you want to ditch all of europe you could drop ripe's ip ranges... which if memory serves me are 62/8, 77-91/8, 193-195/8, and a few others I can't remember... you can search for it if you want the information.
Edit: just as a clarification, alicedsl.de doesn't seem to have their own netblock so you're blocking their provider. If you have the addresses connecting to you verify those addresses are in the netblock you want to block.
Last edited by rweaver; 05-04-2010 at 06:05 PM.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 07:53 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
