Solved

Range of ip's with ipchains?

Posted on 2000-02-17
2
211 Views
Last Modified: 2010-04-20
I'm trying to set up a firewall with ipchains on a dialin server which would allow internet access but limit access to the LAN. The dialup server is a different machine than the gateway so I need some way of denying packets that are going to the local network.I tried to use the
ipchains -A output -i eth0 -d ! x.x.x.x
-j ACCEPT

directive, where x.x.x.x is the base address of the LAN as in 192.168.8.0 but this does not work. I have a statement with Masquerading as well, but that doesn't work either(this statement may be wrong though...) I've also tried restricting access to only the gateway machine, which worked, but then I was restricted from internet access as well.
The only way I can see that it would work would be to put in individual DENY statements for each of the machines on the LAN. I really don't want to have to do this, so I was wondering if there's a way to specify a range of addresses in a DENY statement? I thought by using the base address(192.168.8.0) it would deny to all machines(192.168.8.*) but that's not the case.
Please help,

Thanks
0
Comment
Question by:tibori
2 Comments
 
LVL 3

Accepted Solution

by:
RobWMartin earned 0 total points
ID: 2532997
Out of context, I don't understand what the ipchains command you supplied is doing.  However, to get a range of addresses you can use the netmask.  Short form looks like this:

X.X.X.X/24

where the 24 is the number of bits on the left to match; in this case 24 bits means the first 3 numbers.  16 would be the first 2 numbers. etc.

Rob
0
 
LVL 3

Author Comment

by:tibori
ID: 2533049
Thanks, that's what I needed, and it worked.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

In this tutorial I will explain how to make squid prevent malwares in five easy steps: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-…
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now