Please help me block WWW to MASQ'ed IP's with IPTABLES
Justin Michael
jmichael@web3.fibercitynetworks.net
Mon, 28 Jan 2002 19:43:47 -0500
On Mon, Jan 28, 2002 at 04:23:41PM -0800, brandon wrote:
>
> Hi,
>
> I am building a router/firewall on a redhat 7.2, Kernel 2.4,
> using IPTABLES to replace an ageing LRP firewall solution
> using IPCHAINS.
I'm not sure I have enough info, because this is confusing:
> OFFNET="192.12.20.0/24"
> OFFIP="192.12.20.133/24"
Shouldn't offnet be 192.168.0.0/24? I'm assuming that offnet
is short for office network, but here's what I would add:
# Executive workstations allowed out to the web ports (replace with the real IPs).
EXECS="192.168.0.14 192.168.0.15 192.168.0.40"
for EXEC in $EXECS; do
    # -I puts each exemption at the head of FORWARD, ahead of the DROP below.
    /sbin/iptables -I FORWARD -p tcp --dport 80:83 -s $EXEC -j ACCEPT
done
# -A appends the block at the tail; any earlier blanket ACCEPT for $OFFNET would shadow it.
/sbin/iptables -A FORWARD -p tcp --dport 80:83 -s $OFFNET -j DROP
The -I inserts the rules at the head of the forward chain.
The -A appends the rule at the end of the forward chain.
Of course, replace the ips in EXECS with the actual executive users'
IPs.
The FORWARD chain is for packets from the internal network to the
Internet and vice versa. The INPUT chain is for packets TO this
firewall. The OUTPUT chain is for packets FROM this firewall.
--j
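Added example, not part of the post above or the original poster's ruleset: a complete script that puts the same policy (execs may reach TCP 80-83, the rest of the office net may not) into its own chain, so the ACCEPT exemptions and the DROP stay together no matter what else FORWARD already contains, and adds the MASQUERADE rule the subject line refers to. The office network 192.168.0.0/24, the exec addresses, the external interface eth0 and the WWW_POLICY chain name are assumed values. Run it with `dry-run` to print the iptables commands for review, and with `apply` as root to load them.

```shell
#!/bin/sh
# Added example (not the original poster's code). Assumed values below.
set -eu

IPTABLES=${IPTABLES:-/sbin/iptables}   # set IPTABLES=echo to dry-run
OFFNET="192.168.0.0/24"                # assumed office network
EXT_IF="eth0"                          # assumed Internet-facing interface
EXECS="192.168.0.14 192.168.0.15 192.168.0.40"   # assumed exec workstations
WEBPORTS="80:83"                       # TCP port range from the post
CHAIN="WWW_POLICY"                     # assumed name of the policy chain

# The exemptions and the DROP live in one chain, so their relative order
# cannot be broken by an unrelated rule later inserted into FORWARD.
www_policy_rules() {
    $IPTABLES -N "$CHAIN" 2>/dev/null || true   # chain may exist on re-run
    $IPTABLES -F "$CHAIN"                        # start from an empty chain
    for exec in $EXECS; do
        $IPTABLES -A "$CHAIN" -s "$exec" -j ACCEPT
    done
    $IPTABLES -A "$CHAIN" -j DROP               # everyone else on the net
}

# FORWARD: default deny, then hand office web traffic to the policy chain
# BEFORE the blanket ACCEPT for the office net, which would otherwise
# shadow the DROP.
forward_rules() {
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A FORWARD -s "$OFFNET" -p tcp --dport "$WEBPORTS" -j "$CHAIN"
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -s "$OFFNET" -j ACCEPT
}

# NAT: masquerade the office net behind the external interface. Filtering
# happens in FORWARD, which runs before POSTROUTING, so the rules above see
# the original (un-NATed) source address of each client.
nat_rules() {
    $IPTABLES -t nat -A POSTROUTING -s "$OFFNET" -o "$EXT_IF" -j MASQUERADE
}

apply_rules() {
    www_policy_rules
    forward_rules
    nat_rules
}

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) IPTABLES=echo; apply_rules ;;
esac
```

In dry-run mode every `$IPTABLES` call becomes an `echo`, so the printed lines are exactly the commands that `apply` would execute; check that the `-j WWW_POLICY` jump is listed before the blanket `-A FORWARD -s 192.168.0.0/24 -j ACCEPT` line before loading it on a box with existing rules.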