John Joseph wrote:
> Hi Chris
> Thanks for the mail, my purpose is not to blacklist any hosts or domain. My plan is to have it like this: any clients giving any request get directed to a URL (where my portal is; from there they will be given directions on how to use the Internet, maybe by only logging in to the portal for Internet use, which uses squid). For this purpose, I need to configure a DNS server.
May I suggest that futzing with DNS like this is a bad way to go about what you require? As it seems you are only really concerned about web traffic (URL), then perhaps a better way is to do a dynamic redirect on outbound port 80 to a local web server. So anything that is attempted (http://xxx) will be directed straight to your local web page with instructions on it. (A far neater way than having a static IP response to any possible DNS lookup.)

    iptables -t nat -A PREROUTING -p tcp ! -d 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 8081

where your local httpd with the instruction list on it lives on the same machine on port 8081 would do the job nicely. This won't work from the machine you are executing the command from, and you do need a Linux gateway on your network to do it this way, but it's neat, tidy and much cleaner.

You could also do this to add (you need to insert (-I) rather than add (-A), as it must come before the above rule):

    iptables -t nat -I PREROUTING -p tcp -s $IPADDR -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp -s $IPADDR -j RETURN

and this to delete:

    iptables -t nat -D PREROUTING -p tcp -s $IPADDR -j ACCEPT
    iptables -t nat -D PREROUTING -p tcp -s $IPADDR -j RETURN

where $IPADDR is the IP address of a machine that you wish to exempt from this rule. (You could maintain a series of these with some form of script if you so desired, so they get redirected to your all-singing, all-dancing instruction page, click a button and a CGI adds them to the whitelist of machines allowed to access the web directly. You could put a timer on it or any other form of script magic to then delete the rules when you need them to be blocked again.)

iptables rocks

-- 
"Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so." -- Douglas Adams
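The redirect rule and the add/delete whitelist handling described in the reply above, as an added example script that is not from the thread or its author. It assumes it runs as root on the Linux gateway, that the LAN is 192.168.0.0/24 and that the instruction page listens on port 8081; it checks for an existing rule with `iptables -C` before inserting, validates the address before it reaches iptables (important once a CGI is the caller), and prints the commands instead of running them when DRY_RUN=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): the redirect-to-instruction-page rule plus a
# small whitelist manager, so a CGI or cron job can exempt and re-block hosts safely.
# Assumptions: runs as root on the Linux gateway, LAN is 192.168.0.0/24, the local
# instruction page listens on port 8081. DRY_RUN=1 prints commands instead of running.
LAN="${LAN:-192.168.0.0/24}"
PORTAL_PORT="${PORTAL_PORT:-8081}"

ipt() { if [ -n "$DRY_RUN" ]; then echo "iptables $*"; else iptables "$@"; fi; }
# iptables -C exits 0 when an identical rule already exists; in dry-run assume it does not
rule_exists() { [ -z "$DRY_RUN" ] && iptables -t nat -C PREROUTING "$@" 2>/dev/null; }

# Only a plain dotted-quad IPv4 address may reach iptables (a CGI must never pass raw input)
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s' "$1" | tr . ' '); do [ "$o" -le 255 ] || return 1; done
}

# Match spec for one exempt host; limited to port 80 so it only bypasses the redirect
exempt_spec() { printf '%s' "-p tcp -s $1 --dport 80 -j RETURN"; }

# Catch-all: web requests leaving the LAN go to the portal. Appended (-A) so that
# exemptions inserted with -I sit above it and are evaluated first.
portal_on() {
    rule_exists -p tcp ! -d "$LAN" --dport 80 -j REDIRECT --to-port "$PORTAL_PORT" ||
        ipt -t nat -A PREROUTING -p tcp ! -d "$LAN" --dport 80 -j REDIRECT --to-port "$PORTAL_PORT"
}

exempt_add() {
    valid_ip "$1" || { echo "exempt_add: bad address '$1'" >&2; return 2; }
    rule_exists $(exempt_spec "$1") && return 0   # already exempt, do not add a duplicate
    ipt -t nat -I PREROUTING $(exempt_spec "$1")
}

exempt_del() {
    valid_ip "$1" || { echo "exempt_del: bad address '$1'" >&2; return 2; }
    ipt -t nat -D PREROUTING $(exempt_spec "$1")   # fails harmlessly if no such rule
}

case "$1" in
    on)  portal_on ;;
    add) exempt_add "$2" ;;
    del) exempt_del "$2" ;;
esac
```

A timer-based re-block is then just `exempt_del` run from cron or an `at` job a set time after `exempt_add`.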
