This is my iptables:
[root@hnet]# iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.16.83 anywhere
DROP all -- 192.168.16.48 anywhere
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
I can't stop internet access for these 2 IPs (192.168.16.83 and 192.168.16.48).
What am I doing wrong? I use a transparent proxy with Squid. Eth0 is internet and eth1 is LAN. I want to block Kazaa, eMule, and all P2P connections, because my bandwidth is slow. Please help me.
Thanks
ip tables
Re: ip tables
Squid is an HTTP proxy, and there is no chance Squid will deal with Kazaa etc.
You need to stop them at your firewall iptables; use policy-based NATing.
Re:
Dear rmira,
Salam,
Use the iptables rules below. This will block access to the internet and allow the LAN.
# iptables -t nat -A PREROUTING -s 192.168.16.83 -d ! 192.168.16.0/24 -j DROP
# iptables -t nat -A PREROUTING -s 192.168.16.4 -d ! 192.168.16.0/24 -j DROP
Best Regards.
Farrukh Ahmed
block Kazza ,emule,Bittorent
Thanks for your iptables rules, it works for me.
Next: BitTorrent, eMule, and Kazaa. How do I control these P2P services, and how do I identify who is using P2P? I use nmap, but my users use a firewall, and nmap can't discover any port. Is there any solution? Which LAN scanner is best for detecting P2P ports?
Re: block Kazza ,emule,Bittorent
You can use iptstat -s on your gateway for watching requesters coming from clients.
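One way to identify P2P users from the gateway rather than by scanning clients, as an added example that is not from any poster in this thread: count, per LAN client, the distinct outside peers it talks to on unprivileged ports in the gateway's connection-tracking table. It assumes the `/proc/net/nf_conntrack` (or older `ip_conntrack`) line format; the sample lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

LAN_PREFIX = "192.168.16."  # LAN subnet used in the thread (eth1 side)
PEER_THRESHOLD = 4          # assumed cut-off; tune for the site

# Constructed sample lines in conntrack format (not real traffic).
SAMPLE = """\
ipv4 2 tcp 6 431990 ESTABLISHED src=192.168.16.83 dst=203.0.113.10 sport=40001 dport=6881 src=203.0.113.10 dst=192.168.16.83 sport=6881 dport=40001 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 431991 ESTABLISHED src=192.168.16.83 dst=198.51.100.7 sport=40002 dport=4662 src=198.51.100.7 dst=192.168.16.83 sport=4662 dport=40002 [ASSURED] mark=0 use=1
ipv4 2 udp 17 25 src=192.168.16.83 dst=198.51.100.9 sport=40003 dport=4672 [UNREPLIED] src=198.51.100.9 dst=192.168.16.83 sport=4672 dport=40003 mark=0 use=1
ipv4 2 tcp 6 431992 ESTABLISHED src=192.168.16.83 dst=203.0.113.44 sport=40004 dport=51413 src=203.0.113.44 dst=192.168.16.83 sport=51413 dport=40004 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 431993 ESTABLISHED src=192.168.16.48 dst=203.0.113.80 sport=41000 dport=80 src=203.0.113.80 dst=192.168.16.48 sport=80 dport=41000 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 431994 ESTABLISHED src=192.168.16.48 dst=203.0.113.81 sport=41001 dport=443 src=203.0.113.81 dst=192.168.16.48 sport=443 dport=41001 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 431995 ESTABLISHED src=192.168.16.20 dst=198.51.100.20 sport=42000 dport=8080 src=198.51.100.20 dst=192.168.16.20 sport=8080 dport=42000 [ASSURED] mark=0 use=1
ipv4 2 udp 17 20 src=192.168.16.20 dst=198.51.100.53 sport=42001 dport=53 src=198.51.100.53 dst=192.168.16.20 sport=53 dport=42001 mark=0 use=1
"""

FIELD = re.compile(r"(src|dst|sport|dport)=(\S+)")

def original_tuple(line):
    """Return (src, dst, dport) of the original direction, or None if not TCP/UDP."""
    parts = line.split()
    # nf_conntrack puts the protocol name third, ip_conntrack puts it first.
    proto = next((p for p in parts[:3] if p in ("tcp", "udp")), None)
    # The first four key=value pairs describe the original (client-side) direction.
    fields = dict(FIELD.findall(line)[:4])
    if proto is None or len(fields) < 4:
        return None
    return fields["src"], fields["dst"], int(fields["dport"])

def suspects(text, threshold=PEER_THRESHOLD):
    """Map LAN client -> number of distinct outside peers on ports >= 1024."""
    peers = defaultdict(set)
    for line in text.splitlines():
        parsed = original_tuple(line)
        if parsed is None:
            continue
        src, dst, dport = parsed
        outbound = src.startswith(LAN_PREFIX) and not dst.startswith(LAN_PREFIX)
        if outbound and dport >= 1024:
            peers[src].add((dst, dport))
    return {host: len(p) for host, p in peers.items() if len(p) >= threshold}

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

On the gateway, pass the contents of the conntrack file to `suspects()` in place of `SAMPLE`; a high count is a heuristic that marks a client for a closer look, not proof of P2P use.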