LinuxAnswers - the LQ Linux tutorial section.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


LinkBack Search this Thread
Old 05-31-2012, 12:57 AM   #1
LQ Newbie
Registered: Feb 2012
Posts: 5
Blog Entries: 1

Rep: Reputation: Disabled
IP Tables, How to block range of ip address from ip table

Hi, chillispot
Im using chillispot software and for that using UBUNTU server my problem is
eth0 connected to Internal Network
eth1 connected to WIFI Router

chillipoint clients are accessing internet throw wifi... but they can able to access out internal network also, i want to prevent internal network immediately.

in ip table
iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP
from this command i can block one ip but i want to block entire ip to block access from external clients other then gateway

Please help me out its urgent me to block and prevent accessing those wifi clients to our internal network

all kind of helps highly appriciated
Old 05-31-2012, 01:16 AM   #2
Registered: Oct 2008
Location: Rousse, Bulgaria
Distribution: Slackware64
Posts: 86

Rep: Reputation: 22
Greetings, you could try something like
iptables -i eth1 -d -j DROP
This will drop everything coming from the interface connected to the wifi router and going to the internal network.
Old 05-31-2012, 04:05 AM   #3
LQ Newbie
Registered: Feb 2012
Posts: 5
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
hi .... thanks for your reply,
if i do that it'll block gateway also if it happen those clients cant able to talk with gateway...

and i'm really not sure wheather clients need to talk with gateway for username password verification and access adsl

thanks again looking some more solution help me pls
Old 05-31-2012, 04:25 AM   #4
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 189Reputation: 189
~ $ iptables -m iprange --help
iprange match options:
[!] --src-range ip[-ip]    Match source IP in the specified range
[!] --dst-range ip[-ip]    Match destination IP in the specified range
1 members found this post helpful.
Old 05-31-2012, 08:05 AM   #5
Registered: Oct 2008
Location: Rousse, Bulgaria
Distribution: Slackware64
Posts: 86

Rep: Reputation: 22
Well if you
iptables -A INPUT -i eth1 -d -j ACCEPT
before the
iptables -A INPUT -i eth1 -d -j DROP
it will allow packets to go to the gateway and not the internal network. The other way is to use the iprange module, but if you're using an embedded system like openwrt, chances are you don't have that one.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Error!! str2addr:Address 35 outside range of address field length 1 !!! MounaRM Linux - Networking 1 05-12-2011 11:32 PM
ERROR 1146: Table 'information_schema.tables' doesn't exist neverland Linux - Server 3 07-15-2010 02:59 PM
How to route using my own custom routing tables and not the Kernel's table WhiskeyTangoFoxtrot Linux - Networking 1 03-17-2009 10:03 AM
Is it possible to block text strings with IP tables? abefroman Linux - Security 27 06-29-2005 05:36 PM
Setting ip tables to block all traffic LinuxBAH Linux - Security 1 02-07-2004 06:15 AM

All times are GMT -5. The time now is 04:06 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration