netfilter digest, Vol 1 #1200 - 8 msgs

Dharmu dharmu@nsecure.net
Fri, 19 Oct 2001 09:50:42 +0530 (IST)


> Message: 1
> Reply-To: <manoj@lisd.delhi.nic.in>
> From: "Manoj K Kulshresth" <manoj@lisd.delhi.nic.in>
> To: <netfilter@lists.samba.org>
> Cc: <brijesh@lisd.delhi.nic.in>
> Subject: How to STOP Few IPs from our LAN from Internet Browsing
> Date: Tue, 16 Oct 2001 10:05:03 -0700
>
> Dear..
>
> We have configured RED HAT LINUX Kernel 2.4 as Internet+Mail server. This is
> serving approximately 350 nodes under LAN. We want a few of the local IPs to
> not be allowed Internet browsing, but they should be allowed mail services.
> How we can do that, please let me know.
>
>
> Manoj K  Kulshreshth
>

Hi Manoj
	What you can do is have rule sets like this:

 iptables -P INPUT DROP
 iptables -P OUTPUT DROP
 iptables -P FORWARD DROP
 iptables -A INPUT -p tcp -s IP1 --sport 1024:65535 -d IP2 --dport DP -j ACCEPT
 iptables -A OUTPUT -p tcp -s IP2 --sport DP -d IP1 --dport 1024:65535 -j ACCEPT

	I will explain what these rule sets are doing.
	Firstly I am dropping all the packets. Then I am allowing the
packets from the internal IPs to browse, where
IP1 = the local LAN IPs
IP2 = the mail server and the proxy server IP
DP  = the port on which you are running the HTTP server and the mail server
Regards

Dharmendra.T
Linux Expert
nSecure Software(P) Ltd.
www.nsecure.net
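The rule set from the reply above, written out for constructed addresses as an added example (not part of the original post): the server address, LAN range, denied hosts and proxy port are assumptions, and the script only prints the rules unless IPT=iptables is set. It goes one step beyond the reply by showing where the per-host DROP rules for the hosts that may not browse have to sit relative to the LAN-wide ACCEPT.

```shell
#!/bin/sh
# Added example, not from the original post: the rule set above written out
# for constructed addresses. Default policy is DROP; the whole LAN may reach
# the mail ports on the server, and a short list of hosts is refused the
# proxy port before the LAN-wide ACCEPT for that port is appended.
# IPT defaults to "echo iptables" so the rules are only printed for review;
# run with IPT=iptables as root to apply them.
IPT="${IPT:-echo iptables}"

SERVER=192.168.1.1                     # constructed: mail + proxy server (IP2)
LAN=192.168.1.0/24                     # constructed: the local LAN (IP1)
NO_BROWSE="192.168.1.20 192.168.1.21"  # constructed: hosts denied browsing
PROXY_PORT=3128                        # constructed: proxy port (DP for browsing)
MAIL_PORTS="25 110"                    # SMTP and POP3 (DP for mail)

# allow_pair SRC PORT: accept SRC -> server on PORT and the matching replies,
# i.e. the INPUT/OUTPUT pair from the reply above with IP1=SRC, DP=PORT.
allow_pair() {
    $IPT -A INPUT  -p tcp -s "$1" --sport 1024:65535 -d "$SERVER" --dport "$2" -j ACCEPT
    $IPT -A OUTPUT -p tcp -s "$SERVER" --sport "$2" -d "$1" --dport 1024:65535 -j ACCEPT
}

build_rules() {
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    # mail is open to every LAN host
    for p in $MAIL_PORTS; do allow_pair "$LAN" "$p"; done
    # rules are matched in order: the per-host DROPs must be appended before
    # the LAN-wide ACCEPT for the proxy port, or they are never reached
    for h in $NO_BROWSE; do
        $IPT -A INPUT -p tcp -s "$h" -d "$SERVER" --dport "$PROXY_PORT" -j DROP
    done
    allow_pair "$LAN" "$PROXY_PORT"
}

build_rules
```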