---------- Forwarded message ----------
From: nawawi <mohd.nawawi@xxxxxxxxx>
Date: Jan 8, 2007 8:21 PM
Subject: Re: Limit IP
To: Rob Sterenborg <rob@xxxxxxxxxxxxxxx>

Hi,

Thank you for your prompt reply. Btw, it's not like a range limit; I just want to know if there is any solution that can limit IPs.

The scenario is like this:
1) My LAN has 254 IPs (192.168.0.0/24)
2) LAN users use both DHCP and static IPs
3) By right, the total IPs that can go out to the internet is 254 IPs

From the above, I just want to limit the connections/IPs going out to the internet to, let's say, 10 IPs, and the 10 IPs will come from the range 192.168.0.1 to 192.168.0.254.

Regards,
nawawi

On 1/8/07, Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:
netfilter-bounces@xxxxxxxxxxxxxxxxxxx wrote:
> Hi,
>
> does anyone know how to limit the IP connection from going out to
> internet?
>
> example:
> LAN: 192.168.0.0/24
>
> but I only want to give 10 IPs go out to internet

You can:
- if these IPs are random in 192.168.0.0/24, put 10 rules in place which
  each describe which 192.168 IP can be forwarded.
  $ipt -A FORWARD -s 192.168.x.x [...] -j ACCEPT
  ...
- if these IPs form a range in 192.168.0.0/24, use the range match to
  describe a range of IPs that can be forwarded. However, the range match
  is in POM-ng so you'll have to check if your install supports it.
  http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-iprange

Gr,
Rob
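
The two options in Rob's reply, as an added example that is not part of the original thread: a script that prints one rule per address for scattered hosts, or a single iprange rule when the hosts are contiguous. The gen_rules function, the value of $ipt, the return-traffic rule, the closing DROP rule and the sample host numbers are assumptions, and the rules assume an otherwise empty FORWARD chain.

```shell
#!/bin/sh
# Added example: prints the rules for review; it does not run iptables.
ipt=iptables            # assumed value of the $ipt variable in the reply
lan=192.168.0           # LAN from the thread: 192.168.0.0/24

# gen_rules OCTET... : print FORWARD rules that let only these hosts out.
# Runs in a subshell "( )" so its variables do not leak to the caller.
gen_rules() (
    for o in "$@"; do
        # Digits only, no leading zero, at most three characters.
        case "$o" in
            ''|*[!0-9]*|0*|????*) echo "bad host: $o" >&2; return 1 ;;
        esac
        if [ "$o" -gt 254 ]; then echo "bad host: $o" >&2; return 1; fi
    done
    [ "$#" -gt 0 ] || { echo "no hosts given" >&2; return 1; }
    sorted=$(printf '%s\n' "$@" | sort -n -u)

    # Decide whether the hosts form one unbroken range.
    first="" prev="" contiguous=1
    for o in $sorted; do
        if [ -z "$first" ]; then first=$o; fi
        if [ -n "$prev" ] && [ "$o" -ne $((prev + 1)) ]; then contiguous=0; fi
        prev=$o
    done

    # Replies to connections that an allowed host opened.
    echo "$ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$contiguous" -eq 1 ] && [ "$first" -ne "$prev" ]; then
        # Second option in the reply: one iprange rule.
        echo "$ipt -A FORWARD -m iprange --src-range $lan.$first-$lan.$prev -j ACCEPT"
    else
        # First option in the reply: one rule per address.
        for o in $sorted; do
            echo "$ipt -A FORWARD -s $lan.$o -j ACCEPT"
        done
    fi
    # Every other LAN address is not forwarded.
    echo "$ipt -A FORWARD -s $lan.0/24 -j DROP"
)

# Constructed sample: ten scattered hosts, then a ten-host range.
gen_rules 3 14 15 92 65 35 89 79 32 38
gen_rules 100 101 102 103 104 105 106 107 108 109
```

Because the rules are appended with -A, the order printed is the order in which they are evaluated, so the DROP for the rest of the LAN has to stay last.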