Gentoo Forums
block access to an IP from a router
artworcs
Tux's lil' helper


Joined: 12 Jun 2005
Posts: 126

Posted: Thu Jul 06, 2006 5:23 pm    Post subject: block access to an IP from a router

So I have my router set up to do NAT. It also has two IPs for the WAN interface. I was wondering how to allow only 1 IP address on the private network to use the second IP on the WAN interface.

My router configuration is like this:
Interface 1(WAN): ip1 85.xxx.xxx.xxx
ip2: 10.10.xxx.xxx

Interface 2(local network): 192.168.1.1

I want to allow NAT for all the computers behind the router, but I don't want them to be able to use the second IP.
The reason behind this is as follows: my ISP has a dc++ server set up with a 10.xxx address. One can only connect to that server if the IP is 10.xxx. So I need to block the usage of the second IP address on the WAN interface to only allow myself to connect to the server.
Mroofka
Guru


Joined: 25 Jan 2005
Posts: 369
Location: Poland

Posted: Thu Jul 06, 2006 8:36 pm

Hi
I'm not sure if I understand the problem but this is what I think:

Code:
iptables -t nat -A POSTROUTING -s 192.168.your.ip -d 10.dc.serwer.ip -o eth1 -j SNAT --to-source 10.your.wan.ip
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source 85.your.wan.ip


and to be sure -- but maybe not necessary
Code:
iptables -t filter -A FORWARD -s 192.168.your.ip -j ACCEPT
iptables -t filter -A FORWARD -s 192.168.1.0/24  -j DROP


Regards
_________________
"Make install not love"
Registered Linux User # 379143

"Ready for Anything; Prepared for everything; Surprised by Nothing !"
artworcs
Tux's lil' helper


Joined: 12 Jun 2005
Posts: 126

Posted: Fri Jul 07, 2006 1:46 pm

Sorry, it is not working, I can connect from other computers just fine.

Part of my configuration is made through a web interface, and then I execute the following commands:
Code:

ifconfig eth1:1 10.10.110.147
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 53467 -j DNAT --to 192.168.1.9:53467
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53468 -j DNAT --to 192.168.1.9:53468
iptables -A FORWARD -p tcp -i eth1 -d 192.168.1.9 --dport 53467 -j ACCEPT
iptables -A FORWARD -p udp -i eth1 -d 192.168.1.9 --dport 53468 -j ACCEPT


So I have eth1 with IP 85.xxx and eth1:1 with IP 10.xxx
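
An added example, not part of any post in this thread: a script that prints an iptables rule set for the goal stated in the first post, restricting the DROP to the 10.x destination so ordinary NAT keeps working for the rest of the LAN. It assumes the web interface has already installed its own rules (hence `-I` at the top instead of `-A`), that 192.168.1.9 is the permitted host, that 203.0.113.10 stands in for the elided 85.xxx address, and that 10.0.0.0/8 is the ISP-internal destination range.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# nothing is applied unless the output is piped to sh as root.

LAN_NET="192.168.1.0/24"   # LAN subnet used in the thread
ALLOWED="192.168.1.9"      # assumption: the one host allowed to use the 10.x address
WAN_IF="eth1"              # WAN interface from the thread
WAN_PRIV="10.10.110.147"   # address on eth1:1, from the thread
WAN_PUB="203.0.113.10"     # placeholder for the elided 85.xxx address
DC_DST="10.0.0.0/8"        # assumption: ISP-internal range; narrow to the hub's IP if known

# Shape check only (dotted quad, optional /prefix): rejects leftover
# placeholders such as 192.168.your.ip before they reach a rule.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# usage: gen_rules ALLOWED LAN_NET WAN_IF WAN_PRIV WAN_PUB DC_DST
gen_rules() {
    allowed=$1 lan=$2 wan_if=$3 wan_priv=$4 wan_pub=$5 dc_dst=$6
    # iptables matches real interfaces; an alias label like eth1:1 is not one.
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    for a in "$allowed" "$lan" "$wan_priv" "$wan_pub" "$dc_dst"; do
        is_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    # -I with an explicit position puts these ahead of rules that already
    # exist (assumed: rules created by the router's web interface), because
    # the first matching rule wins. FORWARD is evaluated before POSTROUTING,
    # so the filter rules still see the original 192.168.1.x source.
    cat <<EOF
iptables -I FORWARD 1 -s $allowed -d $dc_dst -o $wan_if -j ACCEPT
iptables -I FORWARD 2 -s $lan -d $dc_dst -o $wan_if -j DROP
iptables -t nat -I POSTROUTING 1 -s $allowed -d $dc_dst -o $wan_if -j SNAT --to-source $wan_priv
iptables -t nat -I POSTROUTING 2 -s $lan -o $wan_if -j SNAT --to-source $wan_pub
EOF
}

gen_rules "$ALLOWED" "$LAN_NET" "$WAN_IF" "$WAN_PRIV" "$WAN_PUB" "$DC_DST"
```

After applying, `iptables -t nat -L POSTROUTING -n -v --line-numbers` shows the resulting order and per-rule packet counters. NAT rules are consulted only for the first packet of a connection, so flows that are already tracked keep their existing mapping until they expire.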