iptables question
Hi, I have a simple iptables question.
I have a Linux server and a network with some connected PCs. I want to block internet access for all the PCs except one on the network. Can anyone tell me the command line I should use? Thanks a lot. I guess it is something like this:
iptables -A INPUT -s ! pc with internet -j DROP
Is the server acting as a gateway? Is all the TCP traffic going through it to get to the Internet?
If so, then something like what you posted should work. You could also specify it further by port and protocol. You'd still be allowing outgoing requests with that entry, but nothing coming back would get through.
Yes, all the internet traffic is going through it and it is acting as a gateway. Would it look like this?
iptables -A INPUT -s ! 192.168.x.x -p TCP -j DROP
Thank you for your time.
I'd do it like this:
iptables -t nat -I PREROUTING 1 -i eth0 -p tcp -s !192.168.x.x -j DROP
If the server has more than one ethernet adapter you need to specify which one you want the rule to affect. This example inserts a new rule in position 1 of the PREROUTING chain that affects packets created for new connections and drops them if the source is any IP except for 192.168.x.x. It is limited to tcp packets, although you could remove that to have it work on udp packets as well.
Sorry, it does not work. The PCs on the network continue browsing as usual, and there was no error when I declared the rule. Don't know what to do. Thanks anyway.
Post the output of
iptables -n -L -v
and we can figure this out.
This is it:

iptables -n -L -v
Chain INPUT (policy ACCEPT 5715K packets, 2104M bytes)
 pkts  bytes target prot opt in   out  source          destination
 712K  129M  ACCEPT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:3128
 0     0     REJECT tcp  --  ppp0 *    0.0.0.0/0       0.0.0.0/0       tcp dpts:!1:1024 flags:0x16/0x02 reject-with icmp-port-unreachable
 0     0     REJECT tcp  --  eth2 *    0.0.0.0/0       0.0.0.0/0       tcp dpts:!1:1024 flags:0x16/0x02 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts  bytes target prot opt in   out  source          destination
 52669 2528K REJECT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:25 reject-with icmp-port-unreachable
 0     0     REJECT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:139 reject-with icmp-port-unreachable
 0     0     REJECT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp spt:139 reject-with icmp-port-unreachable
 0     0     ACCEPT tcp  --  *    ppp0 0.0.0.0/0       0.0.0.0/0       tcp dpts:1:1024
 0     0     ACCEPT tcp  --  ppp0 *    0.0.0.0/0       0.0.0.0/0       tcp spts:1:1024
 46939 3753K ACCEPT tcp  --  *    eth2 0.0.0.0/0       0.0.0.0/0       tcp dpts:1:1024
 14804 9083K ACCEPT tcp  --  eth2 *    0.0.0.0/0       0.0.0.0/0       tcp spts:1:1024
 0     0     ACCEPT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:5222
 0     0     ACCEPT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp spt:5222
 64257 3707K ACCEPT tcp  --  *    *    0.0.0.0/0       192.168.100.68
 76506 114M  ACCEPT tcp  --  *    *    192.168.100.68  0.0.0.0/0
 24314 1529K REJECT all  --  *    *    0.0.0.0/0       0.0.0.0/0       reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 6608K packets, 2972M bytes)
 pkts  bytes target prot opt in   out  source          destination

Thank you very much.
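As an added example (not code from the thread), the following Python walks a chain in the `iptables -n -L -v` format posted above and reports the verdict for a given packet, first match wins, which is what decides whether the rule suggested earlier or the per-host ACCEPT/REJECT pair in the posted FORWARD chain actually applies to a LAN PC. The chain text is constructed and modelled on the posted FORWARD chain; routed traffic from the PCs traverses FORWARD on the gateway, while INPUT only sees packets addressed to the gateway itself. The destination addresses and interface names in the calls are assumptions.

```python
"""First-match evaluator for one chain as printed by `iptables -n -L -v`."""
import ipaddress
import re

# Constructed sample modelled on the FORWARD chain posted in the thread.
SAMPLE_FORWARD = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source         destination
52669 2528K REJECT tcp  --  *   *   0.0.0.0/0      0.0.0.0/0      tcp dpt:25 reject-with icmp-port-unreachable
64257 3707K ACCEPT tcp  --  *   *   0.0.0.0/0      192.168.100.68
76506  114M ACCEPT tcp  --  *   *   192.168.100.68 0.0.0.0/0
24314 1529K REJECT all  --  *   *   0.0.0.0/0      0.0.0.0/0      reject-with icmp-port-unreachable
"""

def parse_chain(text):
    """Return (policy, rules) for one chain; columns are whitespace separated."""
    lines = text.strip().splitlines()
    policy = re.match(r"Chain \S+ \(policy (\w+)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:            # skip the 'Chain ...' and header lines
        f = line.split()
        extra = " ".join(f[9:])       # match extensions, e.g. 'tcp dpt:25'
        dpt = re.search(r"\bdpt:(\d+)", extra)
        rules.append({
            "target": f[2], "prot": f[3], "in": f[5], "out": f[6],
            "src": ipaddress.ip_network(f[7]), "dst": ipaddress.ip_network(f[8]),
            "dport": int(dpt.group(1)) if dpt else None,
        })
    return policy, rules

def verdict(policy, rules, src, dst, prot="tcp", dport=80, in_if="eth2", out_if="ppp0"):
    """Walk the chain top-down; the first matching rule decides, else the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["prot"] not in ("all", prot):
            continue
        if r["in"] not in ("*", in_if) or r["out"] not in ("*", out_if):
            continue
        if s not in r["src"] or d not in r["dst"]:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["target"]
    return policy

if __name__ == "__main__":
    pol, rules = parse_chain(SAMPLE_FORWARD)
    for host in ("192.168.100.68", "192.168.100.70"):   # allowed PC, any other PC
        print(host, "->", verdict(pol, rules, host, "203.0.113.10"))
```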
Hi, this conversation was about three days ago. I didn't get a final answer; can you help me figure this out? Thank you for your time. [mod - edit]Convolution removed[/mod - edit] Thank you very much.
Ummm ... why did you copy and paste the entire thread rather than just adding a new post to it to bring it back up? Cheers, Tink
I will appreciate your help. Sure you will have it, just tell me how I can proceed. Expecting your answer. Aaron