Jason K Larson wrote:
Stephen Smith wrote:
I'm running 192.168.1.x network at home where I have several
computers. One is a Win98 box. I would like to block it from access
to the internet (no security), yet maintain its ability to talk to
other computers and print servers on my internal network. I'm using
a separate RH9 box for my firewall with a 10.0.0.2 address talking to
my DSL Modem at 10.0.0.1, both hard coded. I've been using gShield
to configure my fw which has been rock solid for more than three
years, however, it does not have any features that I recognize to
block clients, only external hosts. So I've been trying to add rules
to iptables directly to effect blockage.
I've tried -
iptables -A INPUT -s 192.168.1.x -d 10.0.0.1 -j DROP
iptables -A INPUT -s 192.168.1.x -p ALL -d 10.0.0.1 -j DROP
iptables -A INPUT -s 192.168.1.x -p tcp --dport 80 -j DROP
iptables -A INPUT -s 192.168.1.x -p tcp -m multiport --dports 80,8080,8008,443 -j DROP
and many variations of the above. Yet none of them stop MSExplorer
from accessing the net. Not being a network guy but an Oracle guy, I
need a bit of help to solve this problem. Could someone out there
help out a floundering DBA?
Try such rules in POSTROUTING of the nat table, or in the OUTPUT or
FORWARD chains of the filter table. Obviously these need to precede
any other rules that would move them to another chain or table as is
likely happening with your INPUT chain.
I'd personally recommend POSTROUTING of the nat table.
--
Jason K Larson
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
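Jason's FORWARD-chain option worked out as a small script, added here as an example; it is not code from the thread or from gShield. The interface names (eth1 for the LAN side, eth0 toward the DSL modem), the client address 192.168.1.50, the log prefix and the dry-run helper are all assumptions the thread does not state; adjust them for your own gateway.

```shell
#!/bin/sh
# Added example, not code from the thread. Blocks one LAN client from the
# internet on a Linux NAT gateway while leaving LAN-to-LAN traffic alone.
# Assumed (not stated in the thread): the gateway's LAN interface is eth1,
# its WAN interface toward the DSL modem is eth0, and the client to confine
# is 192.168.1.50. Change these to match your own box.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
BLOCKED_HOST="${BLOCKED_HOST:-192.168.1.50}"

# DRY_RUN=1 (the default) only prints each iptables command so the rules
# can be reviewed first; DRY_RUN=0 executes them (needs root on the gateway).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# A LAN client's internet traffic is routed *through* the gateway, so it
# passes the FORWARD chain of the filter table. INPUT only sees packets
# addressed to the firewall itself, which is why rules placed there never
# matched the Win98 box's web traffic.
block_host_rules() {
    host="$1"
    # -I FORWARD 1/2 puts the rules at the very top of the chain, ahead of
    # any ACCEPT or jump-to-another-chain rule a tool like gShield installed.
    # Matching on -o "$WAN_IF" means only traffic leaving toward the modem is
    # affected; packets to other LAN hosts and print servers never use the
    # WAN interface, so they are untouched.
    # The LOG rule is rate-limited so a chatty client cannot flood syslog.
    run -I FORWARD 1 -i "$LAN_IF" -o "$WAN_IF" -s "$host" \
        -m limit --limit 5/min -j LOG --log-prefix "blocked-client:" --log-level info
    run -I FORWARD 2 -i "$LAN_IF" -o "$WAN_IF" -s "$host" -j DROP
}

# Reverse of block_host_rules: delete the same two rules by specification.
unblock_host_rules() {
    host="$1"
    run -D FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" -j DROP
    run -D FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" \
        -m limit --limit 5/min -j LOG --log-prefix "blocked-client:" --log-level info
}

# List the live FORWARD chain with packet counters and rule numbers; after a
# browsing attempt from the blocked host the DROP rule's counter should rise.
show_forward_chain() {
    run -L FORWARD -v -n --line-numbers
}

block_host_rules "$BLOCKED_HOST"
show_forward_chain
```

Run it once as-is to preview the commands, then with DRY_RUN=0 as root on the gateway. A browsing attempt from the blocked host should then bump the DROP counter in the FORWARD listing and leave "blocked-client:" lines in the kernel log, while printing and file sharing to the rest of 192.168.1.x keep working because that traffic never exits via the WAN interface.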
Thanks that worked.