I use the following simple rules to set up my IP Masq on our network, and they
work just fine (using RH6.1, kernel 2.0.x):

# This is setup for IP Masq
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 10.0.0.0/24/0
/sbin/ipfwadm -A -i -P all -W ppp0
echo "IP Masq Enabled"

But I would like the ability to disable a single machine's access to the net
via IP Masq, and have been unable to figure out how to do it.

I have located this while looking through the Linux IP Masq website
http://ipmasq.cjb.net/

# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example to only allow IP Masquerading for the
# 192.168.0.2 and 192.168.0.8 machines with a 255.255.255.0 or a "24"
# bit subnet mask connected to the Internet on interface eth0.
#
# ** Please change this network number, subnet mask, and your Internet
# ** connection interface name to match your internal LAN setup
#
# Please use the following in ADDITION to the simple rulesets above for
# specific MASQ networks.
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -W eth0 -S 192.168.0.2/32 -D 0.0.0.0/0
/sbin/ipfwadm -F -a m -W eth0 -S 192.168.0.8/32 -D 0.0.0.0/0

But this is a bit painful, having to enter an allow by IP; I would rather just
disallow the single address.

Anyone got an idea for this?

Thanx
Peter McCarthy
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
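
One way to get the deny-one-host behaviour asked about above, as an added example that is not part of the original post: ipfwadm checks the forwarding list in order and acts on the first matching rule, so a deny rule for the single host placed ahead of the LAN-wide masquerade rule excludes only that host. The script only prints the commands (dry run); the blocked address 10.0.0.5 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Dry-run generator: prints ipfwadm commands instead of executing them.
# The LAN, interface and blocked address used below are constructed samples.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# Rejecting anything else keeps stray characters out of the generated rules.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# masq_rules LAN_CIDR EXT_IF [BLOCKED_HOST...]
# Emits: flush, default deny, one deny rule per blocked host, then the
# masquerade rule for the whole LAN. Order matters: first match wins.
masq_rules() {
    lan=$1 ext_if=$2
    shift 2
    # Validate every address before printing anything, so a bad entry
    # never yields a half-written rule set.
    for host in "$@"; do
        is_ipv4 "$host" || { echo "invalid address: $host" >&2; return 1; }
    done
    echo "/sbin/ipfwadm -F -f"
    echo "/sbin/ipfwadm -F -p deny"
    for host in "$@"; do
        echo "/sbin/ipfwadm -F -a deny -S $host/32 -D 0.0.0.0/0"
    done
    echo "/sbin/ipfwadm -F -a m -W $ext_if -S $lan -D 0.0.0.0/0"
}

# Sample run: masquerade 10.0.0.0/24 out of ppp0, except 10.0.0.5.
masq_rules 10.0.0.0/24 ppp0 10.0.0.5
```

Review the printed commands, then pipe the output to sh as root to apply them.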