Old 09-21-2004, 03:02 PM   #1
enrique_arong
iptables question


hi, I got a simple iptables question.

I got a linux server and a network with some connected pcs,
I want to block the internet access to all the pcs except one
in the network.

can anyone tell me the command line I should use ?

thanks a lot

I guess it is like this:

iptables -A INPUT -s ! pc with internet -j DROP



Last edited by enrique_arong; 09-21-2004 at 03:10 PM.
 
Old 09-21-2004, 03:12 PM   #2
dsegel
Is the server acting as a gateway? Is all the TCP traffic going through it to get to the Internet?

If so, then something like what you posted should work. You could also specify it further by port and protocol. You'd still be allowing outgoing requests with that entry, but nothing coming back would get through.
 
Old 09-21-2004, 03:27 PM   #3
enrique_arong
Yes, all the internet traffic is going through it and
it is acting as a gateway.

would it look like this ?

iptables -A INPUT -s ! 192.168.x.x -p TCP -j DROP

thank you for your time
 
Old 09-21-2004, 03:39 PM   #4
dsegel
I'd do it like this:

iptables -t nat -I PREROUTING 1 -i eth0 -p tcp -s !192.168.x.x -j DROP

If the server has more than one ethernet adapter you need to specify which one you want the rule to affect. This example inserts a new rule in position 1 of the PREROUTING chain that affects packets created for new connections and drops them if the source is any IP except for 192.168.x.x. It is limited to tcp packets, although you could remove that to have it work on udp packets as well.
 
Old 09-21-2004, 04:14 PM   #5
enrique_arong
Sorry, it does not work,

the pcs on the network continue to navigate as usual,
and there was no error when I declared the rule.

don't know what to do.


thanks any way
 
Old 09-21-2004, 04:36 PM   #6
dsegel
Post the output of

iptables -n -L -v

and we can figure this out.

Last edited by dsegel; 09-21-2004 at 04:42 PM.
 
Old 09-23-2004, 05:06 PM   #7
enrique_arong
this is it:

iptables -n -L -v
Chain INPUT (policy ACCEPT 5715K packets, 2104M bytes)
 pkts bytes target prot opt in   out  source          destination
 712K  129M ACCEPT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:3128
    0     0 REJECT tcp  --  ppp0 *    0.0.0.0/0       0.0.0.0/0       tcp dpts:!1:1024 flags:0x16/0x02 reject-with icmp-port-unreachable
    0     0 REJECT tcp  --  eth2 *    0.0.0.0/0       0.0.0.0/0       tcp dpts:!1:1024 flags:0x16/0x02 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source          destination
52669 2528K REJECT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:25 reject-with icmp-port-unreachable
    0     0 REJECT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:139 reject-with icmp-port-unreachable
    0     0 REJECT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp spt:139 reject-with icmp-port-unreachable
    0     0 ACCEPT tcp  --  *    ppp0 0.0.0.0/0       0.0.0.0/0       tcp dpts:1:1024
    0     0 ACCEPT tcp  --  ppp0 *    0.0.0.0/0       0.0.0.0/0       tcp spts:1:1024
46939 3753K ACCEPT tcp  --  *    eth2 0.0.0.0/0       0.0.0.0/0       tcp dpts:1:1024
14804 9083K ACCEPT tcp  --  eth2 *    0.0.0.0/0       0.0.0.0/0       tcp spts:1:1024
    0     0 ACCEPT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:5222
    0     0 ACCEPT tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp spt:5222
64257 3707K ACCEPT tcp  --  *    *    0.0.0.0/0       192.168.100.68
76506  114M ACCEPT tcp  --  *    *    192.168.100.68  0.0.0.0/0
24314 1529K REJECT all  --  *    *    0.0.0.0/0       0.0.0.0/0       reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 6608K packets, 2972M bytes)
 pkts bytes target prot opt in   out  source          destination


thank you very much
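An added example, not written by anyone in this thread, that puts dsegel's explanation in post #4 and the listing above together. On a gateway, the packets a LAN host sends through the server to the Internet traverse only the FORWARD chain; an INPUT rule sees just the packets addressed to the gateway itself, so it cannot stop forwarding. The listing's FORWARD chain already accepts 192.168.100.68 in both directions and ends in REJECT all, but its INPUT chain accepts tcp dpt:3128 (Squid's default proxy port) from any source, with 712K packets counted: clients that use a proxy running on the gateway reach the web without ever being forwarded, so that port has to be restricted to the same host. The script below generates the FORWARD rules for a single permitted host plus the matching proxy-port rules, printing them by default and installing them with --apply. The interface names eth2 and ppp0 and the permitted host 192.168.100.68 are taken from the listing as assumed values; the state-match rule and the port-3128 rules are this example's own additions, not something the thread proposes.

```shell
#!/bin/sh
# Added example (not from the thread). Restrict Internet access through a
# Linux gateway to one LAN host, in the chains that actually see the traffic.
# Assumed (hypothetical) values: LAN interface eth2, uplink ppp0, permitted
# host 192.168.100.68, proxy listening on tcp/3128 on the gateway itself.
# DRY_RUN=1 (the default) prints the commands instead of executing them, so
# the script can be reviewed without root; pass --apply to install the rules.

LAN_IF="${LAN_IF:-eth2}"
WAN_IF="${WAN_IF:-ppp0}"
ALLOWED="${ALLOWED:-192.168.100.68}"
PROXY_PORT="${PROXY_PORT:-3128}"
DRY_RUN="${DRY_RUN:-1}"

# Either print a command or run it, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Forwarded traffic (LAN -> Internet) never traverses INPUT, so the block
# belongs in FORWARD. These rules are protocol-agnostic, which covers udp and
# icmp as well as tcp (dsegel's note about dropping the -p tcp match).
forward_rules() {
    # Replies to connections that were allowed out come back first.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The single host permitted to reach the Internet.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$ALLOWED" -j ACCEPT
    # Every other LAN host is dropped before being forwarded.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j DROP
}

# A proxy on the gateway is a second path to the web: the client talks to the
# proxy, and the proxy talks to the Internet from the gateway. That traffic
# hits INPUT (and later OUTPUT), never FORWARD, so the proxy port is limited
# to the same host here.
proxy_rules() {
    run iptables -A INPUT -i "$LAN_IF" -p tcp --dport "$PROXY_PORT" -s "$ALLOWED" -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -p tcp --dport "$PROXY_PORT" -j DROP
}

all_rules() {
    forward_rules
    proxy_rules
}

# Number of iptables commands the rule set produces (used by the dry-run check).
rule_count() {
    all_rules | grep -c '^iptables '
}

# Show the chains with packet counters, the same command used in the thread,
# so a blocked host's traffic can be seen landing on the DROP rules.
verify() {
    run iptables -n -L FORWARD -v
    run iptables -n -L INPUT -v
}

if [ "${1:-}" = "--apply" ]; then
    DRY_RUN=0
fi
all_rules
```

Run it once without arguments to review the five commands it would issue, then with --apply as root on the gateway; afterwards `iptables -n -L FORWARD -v` should show the counters on the DROP rule climbing while a non-permitted PC tries to browse.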
 
Old 09-27-2004, 01:03 PM   #8
enrique_arong
iptables question

Hi, this conversation was about three days ago.
I didn't have a final answer,

can you help me figure this out ?
thank you for your time.

[mod - edit]Convolution removed[/mod - edit]


thank you very much

Last edited by Tinkster; 09-27-2004 at 04:29 PM.
 
Old 09-27-2004, 03:21 PM   #9
Tinkster
Moderator
 
Ummm ... why did you copy and paste the entire thread
rather than just adding a new post to it to bring it back up?


Cheers,
Tink
 
Old 09-27-2004, 03:53 PM   #10
enrique_arong
I will appreciate your help.

Sure you will have it, just tell me how I can proceed.
Expecting your answer.

Aaron
 
  


All times are GMT -5.
