RES: doubt about ip ranges

People

	I found something at
http://www.netfilter.org/documentation/pomlist/pom-base.html#iprange that
solves my problem.
	Has anyone tested it?

Thanks to all.

Best regards!




-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On behalf of Joel Newkirk
Sent: Saturday, June 14, 2003 12:28
To: borda@xxxxxxxxxxxxxx
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: doubt about ip ranges


On Fri, 2003-06-13 at 20:08, Leonardo Borda wrote:
> Hello,
>
> 	I have a network 192.168.25.0 and I need to specify the following rules:
>
> 	192.168.24.1 to 192.168.25.33 -> should have just HTTP access.
> 	192.168.24.34 to 192.168.25.133 -> should have just FTP access.
> 	192.168.24.134 to 192.168.25.254 -> just SSH access.
>
> 	I could do it using a for loop, creating one rule each time for each IP
> address. But I think this is not the best solution.
>
> 	I tried using: iptables -A FORWARD -p tcp -s 192.168.25.1-33 ... but was
> not successful.
>
> 	Is there any way to make this work?
>
> 	Thanks!

If you are able to modify the ranges slightly, you could use this:

# 192.168.25.0-31 allowed HTTP
iptables -A FORWARD -s 192.168.25.0/27 -p tcp --dport 80 -j ACCEPT

# 192.168.25.32-63 allowed FTP
iptables -A FORWARD -s 192.168.25.32/27 -p tcp --dport 21 -j ACCEPT

# 192.168.25.64-127 allowed FTP
iptables -A FORWARD -s 192.168.25.64/26 -p tcp --dport 21 -j ACCEPT

# 192.168.25.128-255 allowed SSH
iptables -A FORWARD -s 192.168.25.128/25 -p tcp --dport 22 -j ACCEPT

j


> Sincerely,
>
> Leonardo Borda
> Netwall Tecnologia e Projetos - http://www.netwall.com.br
> Phone/Fax: +55 51 3235.2868
> Mobile:    +55 51 9914.3039
> mailto:borda@xxxxxxxxxxxxxx
>
> 				/**  Building technology solutions geared to your business  **/
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.488 / Virus Database: 287 - Release Date: 5/6/2003
>
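
Added example, not part of the original thread: when the ranges cannot be shifted onto block boundaries as the reply suggests, each one can be split into the exact set of CIDR blocks that plain -s accepts. It assumes the three ranges lie inside 192.168.25.0/24 (192.168.25.1-33, .34-133, .134-254); the function names are this example's own.

```python
import ipaddress

# Ranges from the question, read as lying inside 192.168.25.0/24 (assumption),
# each paired with the single TCP destination port it may reach.
POLICY = [
    ("192.168.25.1", "192.168.25.33", 80),     # HTTP
    ("192.168.25.34", "192.168.25.133", 21),   # FTP
    ("192.168.25.134", "192.168.25.254", 22),  # SSH
]


def range_to_cidrs(first, last):
    """Return the shortest list of CIDR blocks covering first..last exactly."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(b) for b in blocks]


def covers_exactly(first, last, cidrs):
    """True if the blocks match the range address for address (no host
    outside the range is let through, none inside it is missed)."""
    wanted = set(range(int(ipaddress.IPv4Address(first)),
                       int(ipaddress.IPv4Address(last)) + 1))
    got = set()
    for c in cidrs:
        net = ipaddress.IPv4Network(c)
        got.update(range(int(net.network_address),
                         int(net.broadcast_address) + 1))
    return got == wanted


def build_rules(policy):
    """Emit one rule per CIDR block, in the form used in the reply above."""
    rules = []
    for first, last, port in policy:
        cidrs = range_to_cidrs(first, last)
        if not covers_exactly(first, last, cidrs):
            raise ValueError(f"blocks do not match {first}-{last}")
        rules += [f"iptables -A FORWARD -s {c} -p tcp --dport {port} -j ACCEPT"
                  for c in cidrs]
    return rules


if __name__ == "__main__":
    print("\n".join(build_rules(POLICY)))
```

The exact ranges need 23 rules where the block-aligned ranges in the reply need 4, and covers_exactly rejects a shortcut such as 192.168.25.0/27 for the first range because it admits addresses outside 192.168.25.1-33.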







