Linux Forums - Linux Help,Advice & support community:LinuxSolved.com

Network Troubleshooting => General Networking Support in Linux => Topic started by: vasu on February 13, 2004, 05:42:30 AM

Title: redhatlinux 9.0 linux ip nat in ftp block
Post by: vasu on February 13, 2004, 05:42:30 AM
Hi,

I configured RH 9.0 with NAT masquerade. I want to know how to block the FTP service for a particular NAT private IP. I have given my NAT script and my private IP range below.

This is my Linux NAT script. I now want to block a specific private IP from the FTP service. My private IP range has the starting IP 192.168.1.2.
#!/bin/sh
service ipchains stop
/sbin/rmmod ipchains
/sbin/insmod ip_tables
echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain

/sbin/iptables --table nat --append POSTROUTING -s 192.168.1.2 -j MASQUERADE
Title: redhatlinux 9.0 linux ip nat in ftp block
Post by: Ricky on February 13, 2004, 02:22:53 PM
Well...
Say you want to block FTP for 192.168.0.18; then add the following rule to the end of your script...
Code:
/sbin/iptables -A INPUT -p tcp -s 192.168.0.18/24 --destination-port 21 -j DROP
Title: ftp block in linux nat ip tables
Post by: vasu on February 14, 2004, 04:52:44 PM
#!/bin/sh
iptables=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

$iptables --flush -t nat

/sbin/iptables -A INPUT -P tcp -s 172.16.1.2/24 --destination-port 21 -j drop
                                                                               


Hi Ricky,

I blocked the FTP service; I added the above script to my NAT system (RH 9.0). I found this error. I use two LAN cards: eth0 is connected to the Internet and eth1 is connected to the local private IPs.

iptables v1.2.7a: Can't use -P with -A
 
Try `iptables -h' or 'iptables --help' for more information.
Title: redhatlinux 9.0 linux ip nat in ftp block
Post by: Ricky on February 15, 2004, 05:58:45 AM
Vasu, are you sure you used the above line?
Here at my place it is not giving any error.
I think you have used -P instead of -p. Did you get it? (Use small p) :)
Title: ftp block in linux nat
Post by: vasu on February 15, 2004, 08:21:51 AM
Hi Ricky,

I added the script below and found no error on the RH 9.0 Linux NAT, but I checked the client system and the FTP service is not blocked on the client system. What is the problem?


iptables=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

$iptables --flush -t nat

iptables -A INPUT -p tcp  -s 172.15.1.2/24 --destination-port 21 -j DROP
Title: redhatlinux 9.0 linux ip nat in ftp block
Post by: dragoncity99 on February 15, 2004, 12:53:17 PM
Hi vasu,

    Maybe you can try using the OUTPUT option rather than INPUT?
    I suspect it's your forwarding that brings a problem.

    Maybe you can show your iptables list to us? We can see better that way. :)

    Save it in a file and post it here.

    Use this command:  "iptables -L -n > filename"
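
Added example, not part of any post in this thread: on a NAT gateway, packets from a LAN client to an outside FTP server are routed through the box, so they traverse the filter table's FORWARD chain rather than INPUT, and a `/24` suffix on the source makes a rule match the whole subnet instead of one host. The script below prints (or, with APPLY=1 as root, applies) a FORWARD rule for one client; the interface roles (eth1 LAN, eth0 Internet, as vasu describes), the 192.168.1.0/24 network and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: eth1 = LAN side,
# eth0 = Internet side, client 192.168.1.2 on 192.168.1.0/24.
IPT=${IPT:-/sbin/iptables}

# Print the rules for a NAT gateway that masquerades the LAN but drops
# FTP control connections (tcp/21) coming from one client.
# usage: nat_ftp_block_rules CLIENT_IP LAN_NET LAN_IF WAN_IF
nat_ftp_block_rules() {
    client=$1 lan_net=$2 lan_if=$3 wan_if=$4
    # Accept only a plain dotted-quad host address, so a stray "/24"
    # cannot silently widen the DROP rule to the whole subnet.
    case $client in
        */*|*[!0-9.]*|"") echo "bad client address: $client" >&2; return 1 ;;
    esac
    # Flush the two chains first so re-running does not stack duplicates.
    # The DROP goes in FORWARD: routed traffic never reaches INPUT.
    cat <<EOF
$IPT -t filter -F FORWARD
$IPT -t nat -F POSTROUTING
$IPT -A FORWARD -i $lan_if -o $wan_if -p tcp -s $client/32 --dport 21 -j DROP
$IPT -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
EOF
}

# Dry run by default; set APPLY=1 (as root) to execute the rules.
apply_rules() {
    rules=$(nat_ftp_block_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
        printf '%s\n' "$rules" | sh
    else
        printf '%s\n' "$rules"
    fi
}

apply_rules 192.168.1.2 192.168.1.0/24 eth1 eth0
```

After applying, `iptables -L FORWARD -n -v` shows the packet counter on the DROP rule rising when the client attempts an FTP connection.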
Title: nat with ftp block
Post by: vasu on February 16, 2004, 01:20:10 PM
Hi Ricky,

I added the script below but access continues; I did not block FTP services. What is the problem? One more thing: I want to configure a transparent proxy. How do I do it?
   

iptables=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

$iptables --flush -t nat

iptables -A INPUT -p tcp -s 172.15.1.2/24 --destination-port 21 -j DROP
/sbin/iptables --table nat --append POSTROUTING -s 172.15.1.2 -j MASQUERADE
Title: redhatlinux 9.0 linux ip nat in ftp block
Post by: Ricky on February 16, 2004, 02:23:12 PM
Firstly, why do you address me to answer? There are also others who can answer you!! :)

Regarding configuring Squid the transparent way: http://www.linuxsolved.com/forums/viewtopic.php?t=116

Are you using Squid on your computer? Maybe this is why your blocking is not working. Are you?
Title: bandwidth controlle with rh9.0 nat
Post by: vasu on February 23, 2004, 01:10:05 PM
#!/bin/sh
iptables=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

$iptables --flush -t nat


iptables --table nat --append POSTROUTING -s 192.168.1.2 -j MASQUERADE

 
Hi everyone,

I used the above script and it is working fine on the RH 9.0 NAT. I have 1mb bandwidth and 30 users on the LAN, so now I want each IP to be given only 8 kbs of access through the Linux NAT. How do I do this? Please give suggestions.
