On 12/29/05, Stephen Smith <[EMAIL PROTECTED]> wrote:
> I'm running a 192.168.1.x network at home where I have several computers. One
> is a Win98 box. I would like to block it from access to the internet (no
> security), yet maintain its ability to talk to other computers and print
> servers on my internal network. I'm using a separate RH9 box for my firewall
> with a 10.0.0.2 address talking to my DSL Modem at 10.0.0.1, both hard coded.
> I've been using gShield to configure my fw which has been rock solid for
> more than three years, however, it does not have any features that I
> recognize to block clients, only external hosts. So I've been trying to add
> rules to iptables directly to effect blockage.
>
> I've tried -
>
> iptables -A INPUT -s 192.168.1.x -d 10.0.0.1 -j DROP
> iptables -A INPUT -s 192.168.1.x -p ALL -d 10.0.0.1 -j DROP
> iptables -A INPUT -s 192.168.1.x -p ALL --dport 80 -j DROP
> iptables -A INPUT -s 192.168.1.x.-p ALL --multiport -dport 80,8080,8008,443
> -j DROP
>
> and many variations of the above. Yet none of them stop MSExplorer from
> accessing the net. Not being a network guy but an Oracle guy, I need a bit
> of help to solve this problem. Could someone out there help out a
> floundering DBA?
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
I wonder if this would work:

iptables -I FORWARD -s 192.168.1.x -o eth1 -j DROP

English: When source is 192.168.1.x, and it's trying to go out eth1 (replace
with your external interface name), drop.
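
A small model of which filter chain sees the Win98 box's traffic, comparing the INPUT rules from the question with the FORWARD rule from the reply. This is an added example, not part of either message. Assumptions: 192.168.1.50 stands in for 192.168.1.x, the firewall's LAN address is 192.168.1.1 on eth0, and 203.0.113.10 is a constructed internet host.

```python
import ipaddress

# Constructed values: 192.168.1.50 stands in for the thread's 192.168.1.x and
# 192.168.1.1 is an assumed LAN address for the firewall. 10.0.0.2 and eth1
# come from the thread; eth0 as the LAN interface is assumed.
FIREWALL_ADDRS = {"192.168.1.1", "10.0.0.2"}
LAN = ipaddress.ip_network("192.168.1.0/24")
WIN98 = "192.168.1.50"

def chain_for(src, dst):
    """Filter-table chain the firewall box runs for a packet it handles."""
    if dst in FIREWALL_ADDRS:
        return "INPUT"    # addressed to the firewall itself
    if src in FIREWALL_ADDRS:
        return "OUTPUT"   # generated by the firewall itself
    return "FORWARD"      # routed through the firewall to somewhere else

def out_iface(dst):
    """Egress interface for a routed packet: LAN side or external side."""
    return "eth0" if ipaddress.ip_address(dst) in LAN else "eth1"

def verdict(rules, src, dst, dport):
    """First matching rule in the packet's chain wins; policy is ACCEPT."""
    chain = chain_for(src, dst)
    for r in rules:
        if r["chain"] != chain:
            continue  # rules in other chains are never consulted
        if r.get("src", src) != src or r.get("dst", dst) != dst:
            continue
        if dport not in r.get("dports", {dport}):
            continue
        if r.get("out", out_iface(dst)) != out_iface(dst):
            continue
        return chain, r["target"]
    return chain, "ACCEPT"

# The INPUT rules from the question, modelled by intent rather than syntax.
TRIED = [
    {"chain": "INPUT", "src": WIN98, "dst": "10.0.0.1", "target": "DROP"},
    {"chain": "INPUT", "src": WIN98, "dports": {80}, "target": "DROP"},
    {"chain": "INPUT", "src": WIN98, "dports": {80, 8080, 8008, 443}, "target": "DROP"},
]
# The FORWARD rule from the reply.
SUGGESTED = [{"chain": "FORWARD", "src": WIN98, "out": "eth1", "target": "DROP"}]

if __name__ == "__main__":
    for name, rules in (("tried", TRIED), ("suggested", SUGGESTED)):
        print(name, "web:", verdict(rules, WIN98, "203.0.113.10", 80))
        print(name, "printer:", verdict(rules, WIN98, "192.168.1.20", 9100))
```

Web traffic from the Win98 box is addressed to a remote host, not to the firewall, so it is evaluated in FORWARD and the INPUT rules never see it.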
