RE: Restricted Access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hi,

thanks for your responses
All my clients have fixed IP's
And are on an internal net of 192.168.0/24

This is my /etc/sysconfig/iptables

*nat
:PREROUTING ACCEPT [3803:230566]
:POSTROUTING ACCEPT [11:858]
:OUTPUT ACCEPT [13:1026]

-A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE

COMMIT

*mangle
:PREROUTING ACCEPT [15299:1685366]
:OUTPUT ACCEPT [1947:581477]

COMMIT

*filter
:INPUT DROP [2789:198491]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1953:582221]
:firewall - [0:0]

# Ban this PC
-A FORWARD -s 192.168.0.245 -i eth0 -j firewall

This is the bit that I cant get to work
I can stop the client 192.168.0.245 to get the net at all with the above
rule 
But then I want that client to be able to go to 1.2.3.4


-A FORWARD -s 192.168.0.245 -d 1.2.3.4 -p tcp -m tcp --sport 80 -j
ACCEPT 
-A FORWARD -s 192.168.0.245 -d 1.2.3.4 -p tcp -m tcp --dport 80 -j
ACCEPT

Thanks for your time

CT



-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Rob Sterenborg
Sent: Monday, July 07, 2003 6:43 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: Restricted Access


> I have a very basic iptables setup to allow my windows clients to 
> access the net through iptables, What I want to do is allow some 
> clients to have full access the any websites and others to be 
> resticted to certain sites only, Can iptables do this?. Does someone 
> have an example
> or point me in the right direction     

What is your setup ?
Do your clients have fixed IP addresses ?

Example :

FULL="192.168.0/24"
RESTRICTED="192.168.1/24"
ACCESS_SITES="a.b.c.d e.f.g.h ..."

# Full access clients
iptables -A FORWARD -i <if_in> -o <if_out> -s $FULL -j ACCEPT

#Restricted access clients
for IP in $ACCESS_SITES ; do
  iptables -A FORWARD -i <if_in> -o <if_out> -s $RESTRICTED -d $IP -j
ACCEPT done


Gr,
Rob




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux