Blocking Domains (or IPs) for Masq.'ed boxes via IPTABLES

  1. #1

    Hey Forum,

    Struggling with an issue and looking for help. I run a RH7.3 box that serves as a firewall for a number of other computers on the inside. I used Bob Sully's firewall scripts and configuration ( Link: http://www.malibyte.net/iptables/scripts/fwscripts.html ). The firewall is great, fast, efficient, and easy to set up.

    However, I have a need to block certain sites from my internal clients. I don't want to use a proxy, because the users have figured out how to get around it. What I would like to do is just have the firewall drop all connections to certain IPs.

    The firewall scripts allow for this by having an iptables.banned file where you can list any IPs that you want dropped. Here is the excerpt from the code that works with the iptables.banned file:

    #
    # This chain drops connections from IPs in the firewall.banned file
    #

    iptables -N Banned

    iptables -A Banned -p tcp -m limit --limit 1/s -j LOG --log-prefix "[TCP Banned] " --log-level=info
    iptables -A Banned -p udp -m limit --limit 1/s -j LOG --log-prefix "[UDP Banned] " --log-level=info
    iptables -A Banned -p icmp -m limit --limit 1/s -j LOG --log-prefix "[ICMP Banned] " --log-level=info
    iptables -A Banned -f -m limit --limit 1/s -j LOG --log-prefix "[FRAG Banned] " --log-level=info
    iptables -A Banned -j DROP


    What I have found is that when I enter IPs in the .banned file, it works like a charm for the Firewall box ONLY. Any computers Masq'ed on the inside can still connect without a problem.

    Any ideas on what I can do to lock out the internal clients?

    Thanks in advance.

    -holio.

  2. #2
    Never mind.

    I contacted Mr Sully, and he sent me the latest version of the script, and now it works like a charm!
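
The thread does not say what changed in the newer script. The symptom in post #1 is what happens when the Banned chain is reached only from INPUT and OUTPUT, because packets routed for masqueraded clients traverse FORWARD instead; this added example (not from the thread or from Bob Sully's scripts) generates jumps from all three chains. The list format, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example; not taken from the thread or from Bob Sully's scripts.
# Assumed list format: one IPv4 address or CIDR per line, '#' starts a comment.

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4() {
    addr=${1%%/*}
    case $1 in */*) pfx=${1#*/} ;; *) pfx=32 ;; esac
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    [ "${#pfx}" -le 2 ] && [ "$pfx" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read a ban list on stdin and print the jumps into the Banned chain.
# INPUT/OUTPUT cover the firewall box itself; FORWARD covers packets routed
# for the masqueraded clients. -I places each jump ahead of existing ACCEPT rules.
banned_rules() {
    while read -r entry rest || [ -n "$entry" ]; do
        entry=${entry%%#*}                 # drop comments
        [ -n "$entry" ] || continue
        if ! is_ipv4 "$entry"; then
            echo "skipping invalid entry: $entry" >&2
            continue
        fi
        echo "iptables -I INPUT -s $entry -j Banned"
        echo "iptables -I OUTPUT -d $entry -j Banned"
        echo "iptables -I FORWARD -s $entry -j Banned"
        echo "iptables -I FORWARD -d $entry -j Banned"
    done
}

# Constructed sample list (documentation address ranges, not real targets).
sample_banned_list() {
    cat <<'EOF'
# sites to block
192.0.2.10
198.51.100.0/24   # whole network
203.0.113.5#inline comment
not-an-ip
300.1.1.1
EOF
}

sample_banned_list | banned_rules   # review the output, then pipe it to sh as root
```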
