Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troubleshooting => General Networking Support in Linux => Topic started by: vasu on February 13, 2004, 05:42:30 AM
-
Hi,
I configured RH 9.0 with NAT masquerade. I now want to know how to block the FTP service for a particular NAT private IP. I have given my NAT script below, and this is my private IP range.
This is my Linux NAT script. I now want to block a specific private IP from the FTP service. This is my private IP range; the starting IP is 192.168.1.2.
#!/bin/sh
service ipchains stop
/sbin/rmmod ipchains
/sbin/insmod ip_tables
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables --table nat --append POSTROUTING -s 192.168.1.2 -j MASQUERADE
-
Well...
Say you want to block FTP for 192.168.0.18; then add the following rule to the end of your script...
/sbin/iptables -A INPUT -p tcp -s 192.168.0.18/24 --destination-port 21 -j DROP
-
#!/bin/sh
iptables=/sbin/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
$iptables --flush -t nat
/sbin/iptables -A INPUT -P tcp -s 172.16.1.2/24 --destination-port 21 -j drop
Hi Ricky,
I blocked the FTP service; I added the above script to my RH 9.0 NAT system. I found this error. I used two LAN cards: one is eth0, connected to the Internet, and eth1 is connected to the local private IPs.
iptables v1.2.7a: Can't use -P with -A
Try `iptables -h' or 'iptables --help' for more information.
-
Vasu, are you sure you have used the above line?
Here at my place it is not giving any error.
I think you have used -P instead of -p. Did you get it? (Use small p.) :)
-
Hi Ricky,
I added the script below and found no error on the RH 9.0 Linux NAT, but when I checked the client system, the FTP service was not blocked on the client system. What is the problem?
iptables=/sbin/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
$iptables --flush -t nat
iptables -A INPUT -p tcp -s 172.15.1.2/24 --destination-port 21 -j DROP
-
Hi Vasu,
Maybe you can try using the OUTPUT option rather than INPUT?
I suspect it's your forwarding that brings a problem.
Maybe you can show your iptables list to us? We can see better that way. :)
Save it in a file and post it here.
Use this command: "iptables -L -n > filename"
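
Added example, not part of any post in this thread: on a NAT gateway, packets from LAN clients to outside servers are routed through the box and traverse the FORWARD chain, so a DROP rule in INPUT or OUTPUT never sees them. The script assumes the layout described in the thread (eth1 = LAN, eth0 = Internet); the function names and the APPLY dry-run switch are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed layout (from the posts):
# eth1 faces the LAN, eth0 faces the Internet.
# Commands are only printed unless APPLY=1 is set (run as root to apply).
IPT=/sbin/iptables
LAN_IF=eth1
WAN_IF=eth0

# Execute a command, or print it when APPLY is not 1 (dry run).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept a single dotted-quad address only. CIDR input is refused because
# "-s 192.168.1.2/24" matches every host in 192.168.1.0/24, not just one.
valid_host() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -- $1                      # split into octets (subshell keeps IFS local)
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Drop FTP control connections (tcp/21) from one LAN host to the Internet.
# Inserted at position 1 so it is evaluated before any later ACCEPT rule.
block_ftp_for_host() {
    valid_host "$1" || { echo "invalid host address: $1" >&2; return 1; }
    run "$IPT" -I FORWARD 1 -i "$LAN_IF" -o "$WAN_IF" -p tcp \
        -s "$1/32" --dport 21 -j DROP
}

# Usage: sh block_ftp.sh 192.168.1.2
if [ $# -gt 0 ]; then
    block_ftp_for_host "$1"
fi
```

After applying, `iptables -L FORWARD -n -v` shows per-rule packet counters, which confirms whether the client's FTP attempts are hitting the DROP rule.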
-
Hi Ricky,
I added the script below but access continues; I did not block the FTP service. What is the problem? One more thing: I want to configure a transparent proxy. How do I do it?
iptables=/sbin/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
$iptables --flush -t nat
iptables -A INPUT -p tcp -s 172.15.1.2/24 --destination-port 21 -j DROP
/sbin/iptables --table nat --append POSTROUTING -s 172.15.1.2 -j MASQUERADE
-
Firstly, why do you address me to answer? There are also others who can answer you!! :)
Regarding configuring Squid the transparent way: http://www.linuxsolved.com/forums/viewtopic.php?t=116
Are you using Squid on your computer? Maybe this is why your blocking is not working. Are you?
-
#!/bin/sh
iptables=/sbin/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
$iptables --flush -t nat
$iptables --table nat --append POSTROUTING -s 192.168.1.2 -j MASQUERADE
Hi everyone,
I used the above script and it is working fine on the RH 9.0 NAT. I have 1mb bandwidth and there are 30 users on the LAN, so now I want each IP to be given only 8 kbs access through the Linux NAT. How do I do this? Please give suggestions.