IP-Tables Question
Hello all,
My question is how do I restrict access for the IP address 192.168.1.2, since it is a server, and it should not be able to access the internet or be accessible from the internet. It's a Windows 2002 server; even though the gateway address is entered incorrectly, it still connects to the internet, but it should be accessible from the internal network. Below you will find the iptables -L, route, and the iptables.rules. This company has multiple locations, and each location with its own IP 192.168.1.0, 192.168.1.0 and so on...
So 192.168.1.2 should not reach the net, and should not be reachable
from the net, but it should be reachable from the internal network...
I am pretty new to using linux routers, any and all help is
appreciated ...
Thanks in Advance
iptables.rules
# Generated by iptables-save v1.2.7a on Thu Jul 22 12:00:52 2004
*nat
:PREROUTING ACCEPT [310:17397]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.101:3389
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.3.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.4.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Jul 22 12:00:52 2004
# Generated by iptables-save v1.2.7a on Thu Jul 22 12:00:52 2004
*mangle
:PREROUTING ACCEPT [4871:2022756]
:INPUT ACCEPT [27:3503]
:FORWARD ACCEPT [4839:2018537]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [4839:2018537]
COMMIT
# Completed on Thu Jul 22 12:00:52 2004
# Generated by iptables-save v1.2.7a on Thu Jul 22 12:00:52 2004
*filter
:INPUT ACCEPT [27:3503]
:FORWARD ACCEPT [4839:2018537]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 82.150.37.0/255.255.255.128 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
# Completed on Thu Jul 22 12:00:52 2004
root@venus:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.0.0/16 anywhere tcp dpt:ssh
ACCEPT tcp -- 10.0.0.0/16 anywhere tcp dpt:ssh
ACCEPT tcp -- 82.150.37.0/25 anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@venus:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
82.150.37.32    *               255.255.255.224 U     0      0        0 eth0
192.168.4.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.3.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.2.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
default         liliom3.panapho 0.0.0.0         UG    0      0        0 eth0
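One way to isolate the server on the router itself, as an added example that is not part of the original post. It assumes eth0 is the internet-facing interface and eth1 the LAN side (as the route table suggests) and that the FORWARD policy stays ACCEPT, so explicit DROP rules are inserted at the top of the chain; the other sites (192.168.2.0/24 and so on) are reached via eth1, so traffic to and from them is untouched.

```shell
#!/bin/sh
# Added example (not the poster's configuration): keep 192.168.1.2 off the
# internet in both directions while leaving LAN-to-LAN traffic alone.
# Assumed interfaces: eth0 = internet side, eth1 = LAN side.
SERVER="192.168.1.2"
WAN_IF="eth0"
IPT="${IPT:-iptables}"   # set IPT="echo iptables" to preview without applying

isolate_server() {
    # Outbound: nothing from the server may be forwarded out the WAN side.
    $IPT -I FORWARD 1 -s "$SERVER" -o "$WAN_IF" -j DROP
    # Inbound: nothing arriving on the WAN side may reach the server.
    # FORWARD matches on post-DNAT addresses, so this also covers any
    # future port-forward in the nat table that points at the server.
    $IPT -I FORWARD 1 -i "$WAN_IF" -d "$SERVER" -j DROP
    # Belt and braces: exempt the server from MASQUERADE. ACCEPT in the nat
    # POSTROUTING chain ends traversal before the MASQUERADE rules, so even
    # if a FORWARD rule is later loosened the server's packets leave
    # un-NATed and no reply can be routed back from the internet.
    $IPT -t nat -I POSTROUTING 1 -s "$SERVER" -o "$WAN_IF" -j ACCEPT
}

show_counters() {
    # Per-rule packet counters: a rising count on the two DROP rules
    # confirms the server's traffic is being caught rather than slipping by.
    $IPT -L FORWARD -v -n --line-numbers
}

case "${1:-}" in
    apply) isolate_server ;;
    show)  show_counters ;;
esac
```

If iptables.rules is what gets restored at boot, regenerate it with iptables-save after applying, or the rules are lost on the next restart.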