I did a special NAT-Firewall box for a dialup server.
I use rules like these:
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.2.0/23 -o eth0 -j SNAT --to PUBLIC_IP1
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.4.0/23 -o eth0 -j SNAT --to PUBLIC_IP2
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.6.0/23 -o eth0 -j SNAT --to PUBLIC_IP3
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.8.0/23 -o eth0 -j SNAT --to PUBLIC_IP4
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.10.0/23 -o eth0 -j SNAT --to PUBLIC_IP5
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.12.0/23 -o eth0 -j SNAT --to PUBLIC_IP6
Now I need to set, for example, the class 10.20.10.0/23 to browse only www.microsoft.com and www.ibm.com.
How can I modify my chain?
I have tried to insert a -t nat -A OUTPUT or a -t nat -A PREROUTING rule, but nothing is blocking the browsing over the internet.
Any idea?
Simone Sestini [ SS971-RIPE ]
Plug IT s.p.a. - Technical Office
Via Galileo Ferraris 216
52100 Arezzo
Titles:
System and Network Administrator
Data Transmission Manager
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
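An added example, not part of the original post: forwarded traffic is filtered in the filter table's FORWARD chain rather than in the nat table, so the restriction for 10.20.10.0/23 can be written there while the SNAT rules stay as they are. The `restrict_rules` function name, the DNS allowance and ports 80/443 are assumptions; the script only prints the commands for review.

```shell
#!/bin/sh
# Added example: prints (does not execute) filter-table rules that limit one
# NATed source network to web access on a list of allowed hosts.
# Assumptions: eth0 is the outside interface as in the post; clients may use
# any DNS resolver; no earlier FORWARD rule already accepts this network.
IPT=/usr/local/sbin/iptables   # path taken from the post

restrict_rules() {
    # usage: restrict_rules SOURCE_NET HOST [HOST...]
    if [ "$#" -lt 2 ]; then
        echo "usage: restrict_rules SOURCE_NET HOST [HOST...]" >&2
        return 1
    fi
    net=$1
    shift

    # Replies to connections that were allowed out (destination is the
    # private address again once conntrack has reversed the SNAT).
    echo "$IPT -A FORWARD -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Name resolution, otherwise clients cannot look up the allowed hosts.
    echo "$IPT -A FORWARD -s $net -o eth0 -p udp --dport 53 -j ACCEPT"
    echo "$IPT -A FORWARD -s $net -o eth0 -p tcp --dport 53 -j ACCEPT"

    # One ACCEPT per allowed host. iptables resolves a hostname once, when the
    # rule is added, and creates one rule per address returned, so the rules
    # must be reloaded when the sites change their addresses.
    for host in "$@"; do
        echo "$IPT -A FORWARD -s $net -d $host -o eth0 -p tcp -m multiport --dports 80,443 -j ACCEPT"
    done

    # Everything else from this network is dropped before it reaches SNAT.
    echo "$IPT -A FORWARD -s $net -j DROP"
}

# Constructed usage, matching the network and sites named in the post.
restrict_rules 10.20.10.0/23 www.microsoft.com www.ibm.com
```

Because the rules are appended with `-A`, they only take effect if nothing earlier in FORWARD already accepts traffic from that network.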