How to DROP ip from behind NAT

Przemek przemek at skyline.ltd.pl
Wed Nov 16 02:07:23 CET 2005


Hi,

I have a little network; the server is connected to the internet by ADSL with a
static IP. I'm sharing the connection with my two machines.

My firewall.sh
#!/bin/sh
IPTAB=/usr/sbin/iptables
PIP=XXX.XXX.XXX.XXX   # ADSL modem IP
M1=10.1.1.1           # local IPs
M2=10.1.1.2
M3=10.1.1.3
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTAB -F INPUT
$IPTAB -P INPUT ACCEPT
$IPTAB -F OUTPUT
$IPTAB -P OUTPUT ACCEPT
$IPTAB -F FORWARD
$IPTAB -P FORWARD ACCEPT
$IPTAB -t nat -F
$IPTAB -A FORWARD -i ppp0 -j ACCEPT
$IPTAB -A FORWARD -i eth0 -o ppp0 -j ACCEPT
$IPTAB -t nat -A POSTROUTING -s $M2 -o ppp0 -j SNAT --to-source $PIP
$IPTAB -t nat -A POSTROUTING -s $M3 -o ppp0 -j SNAT --to-source $PIP
$IPTAB -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128   # for proxy

Now I want to block packets from 10.1.1.2 to IP YYY.YYY.YYY.YYY on PORT 22

and

Block all traffic from 10.1.1.3 but allow it to connect to IP YYY.YYY.YYY.YYY on PORT 80

I'm trying to do this but I don't know how, please help me!

---
Przemek < skyline.ltd.pl / przemek@ >
ICQ: 99511187 MSN: tommyindahla -at- hotmail.com
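The two requested FORWARD rules, plus a small first-match simulator showing why they must precede the existing blanket ACCEPT; this is an added example and not part of the original post. It assumes the interfaces and addresses from firewall.sh and uses 203.0.113.10 as a constructed placeholder for YYY.YYY.YYY.YYY.

```shell
#!/bin/sh
# Added example, not code from the original post. The two requested rules:
#   $IPTAB -I FORWARD 1 -s $M2 -d $DST -p tcp --dport 22 -j DROP
#   $IPTAB -I FORWARD 2 -s $M3 -d $DST -p tcp --dport 80 -j ACCEPT
#   $IPTAB -I FORWARD 3 -s $M3 -j DROP
# They must sit before the existing "-A FORWARD -i eth0 -o ppp0 -j ACCEPT"
# because the first matching rule wins; the simulator below shows the difference.
# Caveat: the posted nat REDIRECT sends every LAN port-80 packet to the local
# proxy on 3128, so M3's web traffic arrives in INPUT, not FORWARD; restrict it
# in the proxy's ACLs, or exempt M3 from the REDIRECT if it must reach DST directly.
# DST is a constructed placeholder (RFC 5737 TEST-NET-3) for YYY.YYY.YYY.YYY.
M2=10.1.1.2
M3=10.1.1.3
DST=203.0.113.10

# Rule table "src dst proto dport target", one row per line, "any" is a wildcard.
# The last row is the blanket ACCEPT already present in firewall.sh.
forward_rules() {
    printf '%s\n' \
        "$M2 $DST tcp 22 DROP" \
        "$M3 $DST tcp 80 ACCEPT" \
        "$M3 any any any DROP" \
        "any any any any ACCEPT"
}

# The same rows in the order they end up in if merely appended (-A) after the
# blanket ACCEPT: the DROP rows can never be reached.
appended_rules() { forward_rules | tail -n 1; forward_rules | head -n 3; }

# First-match evaluation of a packet "src dst proto dport" against the rule rows
# read from stdin; falls back to the chain policy ACCEPT, as in the posted script.
evaluate() {
    r=$(while read -r rs rd rp rdp rt; do
        if { [ "$rs" = any ] || [ "$rs" = "$1" ]; } &&
           { [ "$rd" = any ] || [ "$rd" = "$2" ]; } &&
           { [ "$rp" = any ] || [ "$rp" = "$3" ]; } &&
           { [ "$rdp" = any ] || [ "$rdp" = "$4" ]; }; then
            echo "$rt"; break
        fi
    done)
    echo "${r:-ACCEPT}"
}
verdict()          { forward_rules  | evaluate "$@"; }
verdict_appended() { appended_rules | evaluate "$@"; }

# verdict 10.1.1.2 203.0.113.10 tcp 22           -> DROP
# verdict_appended 10.1.1.2 203.0.113.10 tcp 22  -> ACCEPT (ordering mistake)
```

Because SNAT happens in POSTROUTING, after FORWARD, the private source addresses are still visible when these rules are evaluated, so matching on 10.1.1.x works as written.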
