AntiX Tux's lil' helper
Joined: 04 Oct 2003 Posts: 76 Location: Edmonton
|
Posted: Thu Jan 27, 2005 4:19 am Post subject: iptables, server with more than 1 assigned ip |
I have a server with 11 ips assigned to it, so I can set multiple server programs on each ip address. Now, I'm curious, is it possible to ban different ips for each local ip, for example:
ip, 192.168.0.100, ban 1.2.3.4
ip, 192.168.0.101, ban 11.22.33.44
etc, etc
so that people with a banned ip on one server program can still access another, which is on the same host.
Sorry, not sure of an easier way to explain, lol, otherwise I would have found this answer with google
P.S. also if possible, how? (I'm sure it's possible, hopefully with iptables)
Thanx for any help in advance
_________________
In Nomine AntiX
Distort! |
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
|
Posted: Thu Jan 27, 2005 4:50 am Post subject: |
It's not clear what you mean. If you mean you want people from 192.168.0.100 to not be able to access 1.2.3.4, you'd go
Code:
iptables -A INPUT -d 192.168.0.100 -s 1.2.3.4 -j DROP
If you want people from 1.2.3.4 to not be able to access 192.168.0.100, you'd go
Code:
iptables -A INPUT -d 1.2.3.4 -s 192.168.0.100 -j DROP
Ensure the lines end up at the proper place in the filter table. You might want to use -I INPUT number instead of -A INPUT which appends at the end.
For more, see the iptables tutorial.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin |
AntiX Tux's lil' helper
Joined: 04 Oct 2003 Posts: 76 Location: Edmonton
|
Posted: Thu Jan 27, 2005 4:53 am Post subject: |
oh sweet, so I can tell iptables exactly what I want. I assume I have to be root to do this, but maybe I can configure sudo (which I never wanted to touch, but for my project I may have to). Again, thanx for your help
P.S. I allow people to connect via ssh (I have replaced their shell with one I made, and I want to have an option in that shell menu for them to ban ips via iptables). This is my goal anyways.
Thanx again for the quick reply
also, *edit btw* I never really used iptables in command line (which I wanted to do anyways, but got lazy thanks to webmin; command line is the only way for scripting in my books), but how would I remove an ip the same way -A appends, or would I have to grep/awk the ini file to remove it? (I'm thinking for scripting reasons)
_________________
In Nomine AntiX
Distort! |
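An added example, not part of the original posts or any poster's script: a sketch of the per-local-IP ban/unban helper discussed in this thread, which validates both addresses before building the command so a menu run through sudo cannot hand extra options or shell metacharacters to iptables, and which removes a ban with -D using the same match that was inserted. The names ALLOWED_LOCAL, IPTABLES, valid_ipv4, is_allowed_local and fw_rule are assumptions, and by default the script only prints the command.

```shell
#!/bin/sh
# Added example (not from the thread). ALLOWED_LOCAL, IPTABLES and the
# function names are assumptions made for illustration.
ALLOWED_LOCAL="192.168.0.100 192.168.0.101"  # constructed: local IPs this menu manages
IPTABLES="${IPTABLES:-echo iptables}"        # dry run; export IPTABLES=iptables as root

# True only for a dotted quad whose four fields are each 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # rejects spaces, ';', leading '-'
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True if $1 is one of the local addresses in ALLOWED_LOCAL.
is_allowed_local() {
    for addr in $ALLOWED_LOCAL; do
        [ "$addr" = "$1" ] && return 0
    done
    return 1
}

# fw_rule ban|unban LOCAL_IP REMOTE_IP
#   ban   inserts at position 1 so an earlier ACCEPT rule cannot win
#   unban deletes the rule with the identical match (-D), no file editing
fw_rule() {
    case $1 in
        ban)   op="-I INPUT 1" ;;
        unban) op="-D INPUT" ;;
        *)     echo "usage: fw_rule ban|unban LOCAL_IP REMOTE_IP" >&2; return 2 ;;
    esac
    is_allowed_local "$2" || { echo "local IP not managed here" >&2; return 3; }
    valid_ipv4 "$3" || { echo "invalid remote IP" >&2; return 4; }
    # In INPUT, -s is the remote sender and -d the local address it targets.
    $IPTABLES $op -d "$2" -s "$3" -j DROP
}

# Run as a script: sh thisfile ban 192.168.0.100 1.2.3.4
if [ $# -eq 3 ]; then fw_rule "$@"; fi
```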
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
|
Posted: Thu Jan 27, 2005 5:21 am Post subject: |
It'd be pointless for me to duplicate that tutorial here now, wouldn't it? If you mess with your firewall it's a good idea to first understand what you're doing, otherwise it may completely break, or it may just not work as you expected.
And yes, you need root capabilities for anything related to the firewall.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin |
AntiX Tux's lil' helper
Joined: 04 Oct 2003 Posts: 76 Location: Edmonton
|
Posted: Thu Jan 27, 2005 5:41 am Post subject: |
thanks a lot, I will look at that. The main thing is, now I know it's possible. Either way, I think I will post the script when I'm done, it may be of use to some of the community.
Again, I used webmin and have a good understanding of firewalls, just new to the iptables command.
_________________
In Nomine AntiX
Distort! |