redhatlinux 9.0 linux ip nat in ftp block
vasu:
hi
I configured RH 9.0 with NAT masquerade. I want to know how to block the FTP service for a particular NAT private IP. I have given my NAT script and my private IP range below.
This is my Linux NAT script. I now want to block a specific private IP from the FTP service. This is my private IP range; the starting IP is 192.168.1.2.
--- Code: ---
#!/bin/sh
service ipchains stop
/sbin/rmmod ipchains
/sbin/insmod ip_tables
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables --table nat --append POSTROUTING -s 192.168.1.2 -j MASQUERADE
--- End code ---
Ricky:
Well...
Say you want to block FTP for 192.168.0.18, then add the following rule to the end of your script...
--- Code: ---
/sbin/iptables -A INPUT -p tcp -s 192.168.0.18/24 --destination-port 21 -j DROP
--- End code ---
vasu:
--- Code: ---
#!/bin/sh
iptables=/sbin/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
$iptables --flush -t nat
/sbin/iptables -A INPUT -P tcp -s 172.16.1.2/24 --destination-port 21 -j drop
--- End code ---
hi
Ricky, I blocked the FTP service: I added the above script to my NAT system (RH 9.0). I found this error. I use two LAN cards: one is eth0, connected to the Internet, and eth1 is connected to the local private IPs.
iptables v1.2.7a: Can't use -P with -A
Try `iptables -h' or 'iptables --help' for more information.
Ricky:
Vasu.. are you sure you have used the above line?
Here at my place it is not giving any error..
I think you have used -P instead of -p. Did you get it? (use small p) :)
vasu:
hi
Ricky, I added the script below. I found no error on the RH 9.0 Linux NAT, but I checked the client system and the FTP service is not blocked on the client system. What is the problem?
--- Code: ---
iptables=/sbin/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
$iptables --flush -t nat
iptables -A INPUT -p tcp -s 172.15.1.2/24 --destination-port 21 -j DROP
--- End code ---
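
An added example, not part of the original thread: traffic from a masqueraded LAN client to an outside FTP server is routed through the gateway, so it traverses the filter table's FORWARD chain rather than INPUT, and a DROP rule appended to INPUT never sees it. The script below prints a host-specific FORWARD rule for review; the helper names and addresses are constructed for illustration, and eth1 as the LAN interface is taken from vasu's description.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names and addresses are
# constructed; eth1 as the LAN interface follows vasu's description.

# Accept only a dotted-quad IPv4 host address (each octet 0-255).
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Which filter chain sees a packet arriving at the gateway?
# dst = packet destination; remaining args = the gateway's own addresses.
# Packets for the gateway itself hit INPUT; packets it routes onward for a
# NAT client hit FORWARD and never touch INPUT.
filter_chain_for() {
    dst=$1; shift
    for local_ip in "$@"; do
        if [ "$dst" = "$local_ip" ]; then echo INPUT; return 0; fi
    done
    echo FORWARD
}

# Print a DROP rule for one client's FTP control connections (tcp/21).
# /32 limits the match to that host; a /24 mask would match the whole subnet.
# -I puts the rule ahead of any ACCEPT rules already in FORWARD.
ftp_block_rule() {
    client=$1; lan_if=${2:-eth1}
    if ! valid_ipv4 "$client"; then
        echo "invalid client address: $client" >&2
        return 1
    fi
    echo "/sbin/iptables -I FORWARD -i $lan_if -s $client/32 -p tcp --dport 21 -j DROP"
}

# Constructed values: client 192.168.1.2, gateway LAN address 192.168.1.1,
# remote FTP server 203.0.113.10.
filter_chain_for 203.0.113.10 192.168.1.1   # prints FORWARD
ftp_block_rule 192.168.1.2                  # review the rule, then run it as root
```

After applying the printed rule, `iptables -L FORWARD -n -v` shows its packet counter, which should increase when the client attempts an FTP connection.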