Re: IP-Tables Question

To: Omar <alienonearth@spymac.com>
Cc: debian-isp@lists.debian.org
Subject: Re: IP-Tables Question
From: Wouter Verhelst <wouter@nixsys.be>
Date: Fri, 28 Jan 2005 12:29:53 +0100
Message-id: <[🔎] 1106911793.7295.1.camel@country.grep.be>
In-reply-to: <[🔎] 71A7B78A-711E-11D9-B395-000393D3C56A@spymac.com>
References: <[🔎] 71A7B78A-711E-11D9-B395-000393D3C56A@spymac.com>

Op vr, 28-01-2005 te 12:19 +0100, schreef Omar:
> Hello all,
>    My question is how do I restrict access for the IP address 
> 192.168.1.2 since it is a server, and it should not be able to access 
> the internet or be accessible from the internet.  It's a Windows2002 
> server, even-though the gateway address is entered incorrectly it still 
> connects to the internet  But it should be accessible from the internal 
> network. below you will find the iptables -L, route, and the 
> iptables.rules. This company has multiple locations, and each location 
> with it's own IP 192.168.1.0 192.168.1.0 and so on...
                                       ^
I suppose that one is a typo? Or did you really configure every site on
the same subnet?

> So 192.168.1.2 should not reach the net, and should not be reachable 
> from the net, but it should be reachable from the internal network...

Run 

iptables -A FORWARD --source 192.168.1.2 -o eth0 -j REJECT

which is all it takes.

-- 
Wouter Verhelst
NixSys BVBA
Louizastraat 14, 2800 Mechelen
T:+32 15 27 69 50 / F:+32 15 27 60 51 / M:+32 486 836 198

Reply to:

Follow-Ups:
- Re: IP-Tables Question
  - From: martin f krafft <madduck@debian.org>

References:
- IP-Tables Question
  - From: Omar <alienonearth@spymac.com>

Prev by Date: IP-Tables Question
Next by Date: Re: IP-Tables Question
Previous by thread: IP-Tables Question
Next by thread: Re: IP-Tables Question
Index(es):
- Date
- Thread