netfilter digest, Vol 1 #1200 - 8 msgs
Fri, 19 Oct 2001 09:50:42 +0530 (IST)
> Message: 1
> Reply-To: <firstname.lastname@example.org>
> From: "Manoj K Kulshresth" <email@example.com>
> To: <firstname.lastname@example.org>
> Cc: <email@example.com>
> Subject: How to STOP Few IPs from our LAN from Internet Browsing
> Date: Tue, 16 Oct 2001 10:05:03 -0700
> We have configured RED HAT LINUX Kernel 2.4 as an Internet+Mail server. This is
> serving approximately 350 nodes on the LAN. We want a few of the local IPs not
> to be allowed Internet browsing, but they should be allowed mail services.
> How can we do that? Please let me know.
> Manoj K Kulshreshth
What you can do is have a rule set like this:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -s IP1 --sport 1024:65535 -d IP2 --dport DP -j ACCEPT
iptables -A OUTPUT -p tcp -s IP2 --sport DP -d IP1 --dport 1024:65535 -j ACCEPT
I will explain what these rules are doing.
First I am dropping all the packets. Then I am allowing the
packets from the internal IPs to browse, where
IP1 = the local LAN IPs
IP2 = the mail server and the proxy server IP
DP = the port on which you are running the HTTP server and the mail server
nSecure Software(P) Ltd.
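The following is an added example, not code from either poster. It takes the
more common layout for a box like the one described: the Linux machine is the
LAN's default gateway (LAN_IF is the inside interface) and also runs the mail
server and an optional local web proxy. The addresses, interface name, and
proxy port are assumptions. The script drops web traffic (80/443, and the
proxy port on the box itself) only for the listed hosts, while SMTP/POP3/IMAP
to the box stay open for everyone. It is meant to be merged into an existing
rule set rather than replace it, so it sets no default policies; the NOWEB
chain is inserted at the top of FORWARD so that a later blanket ACCEPT for LAN
traffic cannot bypass it. Run with "apply" to load the rules, or "dry-run" to
print the commands that would be executed.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes the Linux box is the
# LAN's default gateway and mail server. Hypothetical addresses and names;
# adjust LAN_IF, NOWEB_HOSTS and PROXY_PORT to the real network.
IPTABLES=${IPTABLES:-iptables}   # set IPTABLES=echo for a dry run

LAN_IF=eth0                                           # assumed inside interface
NOWEB_HOSTS="192.168.1.20 192.168.1.21 192.168.1.22"  # constructed list of restricted hosts
MAIL_PORTS="25 110 143"    # SMTP, POP3, IMAP served by this box
WEB_PORTS="80 443"         # what "Internet browsing" means here
PROXY_PORT=3128            # local web proxy, if one runs on the box

apply_rules() {
    # A dedicated chain keeps the per-host rules in one place and makes
    # re-running the script idempotent (create if missing, then flush).
    $IPTABLES -N NOWEB 2>/dev/null || true
    $IPTABLES -F NOWEB

    # Mail to this box is allowed from every LAN host, restricted ones included.
    for p in $MAIL_PORTS; do
        $IPTABLES -A INPUT -i "$LAN_IF" -p tcp --dport "$p" -j ACCEPT
    done

    # Restricted hosts: no web through the gateway, no web via the local proxy.
    for h in $NOWEB_HOSTS; do
        for p in $WEB_PORTS; do
            $IPTABLES -A NOWEB -s "$h" -p tcp --dport "$p" -j DROP
        done
        $IPTABLES -A INPUT -i "$LAN_IF" -s "$h" -p tcp --dport "$PROXY_PORT" -j DROP
    done

    # Hook the chain in ahead of whatever already allows LAN traffic out.
    $IPTABLES -I FORWARD 1 -i "$LAN_IF" -j NOWEB
}

# Returns 0 if the given address is on the restricted list, 1 otherwise.
is_restricted() {
    for h in $NOWEB_HOSTS; do
        [ "$h" = "$1" ] && return 0
    done
    return 1
}

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) ( IPTABLES=echo; apply_rules ) ;;
esac
```

Two caveats a practitioner would add: the block keys on source IP, so it only
holds if those hosts keep their addresses (static assignment or DHCP
reservations, and ideally a static ARP entry on the gateway), and it only
covers ports 80 and 443 plus the local proxy, so a user with an external proxy
on another port or a tunnel over an allowed port is not stopped. If the goal
is "mail only", flip the logic and drop everything from those hosts except the
mail ports.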