Solved

Redhat9 router...

Posted on 2004-03-28
12
328 Views
Last Modified: 2010-03-18
I have succesfully setup a linux router by using 2 NIC and share the internet between them...all my pc client are gateway to my 2nd NIC where the 1st NIC is directly to Internet Connection..

2nd NIC
: ip - 192.168.168.1
  netmask - 255.255.255.0

ip client will be - 192.168.168.X
netmask - 255.255.255.0
gateway - 192.168.168.1

the first question is how to block the internet connection from my linux to the specific client in my network such as his ip is 192.168.168.10

the second question is how to block mirc port, my client always wasting time to chit chat while working...so I want to block the mirc port which will blocked the connection to mirc server...all this i want to do from linux..

thanks

0
Comment
Question by:learner79
  • 7
  • 5
12 Comments
 
LVL 8

Expert Comment

by:da99rmd
ID: 10702048
Just block the port that mirc is using in the firewall its usaly port 6667 or 6666 i think but its possible to work this around anyway, so if you have good employees they will find a way to chat anyway :)

The dont alow internet have the same solution use a firewall to block the specific ip to connect trough the server what system are you using and what is your config for the internet sharing ?

/Rob
0
 

Author Comment

by:learner79
ID: 10702129
my server is using Redhat9 and other client are XP...my server using 3 NIC where 1st NIC is connected to modem, 2nd NIC connected to Office LAN and 3rd NIC is connected to Access Point. I'm using IPTABLES

how to block temporary the internet connection to spesific client in my network from spesific command from Redhat? such as "shutdown clientIP" is that possible?
0
 

Author Comment

by:learner79
ID: 10702135
or what is the command line in redhat9 to disable the eth1(office lan) in X Window?
0
 
LVL 8

Accepted Solution

by:
da99rmd earned 100 total points
ID: 10702213
Just write as root:
#for not beeing allowed on the net.
iptables -A FORWARD -s (ip of the host not allowed on the net) -j DROP
#For not beeing allowed to use the irc.
iptables -A FORWARD -i (name of inside nic) -p tcp --dport 6666 -j DROP
iptables -A FORWARD -i (name of inside nic) -p tcp --dport 6667 -j DROP

now test this so it does what you wanted then use this command to make it permanet(still working after a restart).
/etc/init.d/iptables save

/Rob
0
 

Author Comment

by:learner79
ID: 10702222
i will try...thanks rob
0
 

Author Comment

by:learner79
ID: 10702253

i try this "iptables -A FORWARD -s (ip of the host not allowed on the net) -j DROP" it's works...but how to make it back to normall again?
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:learner79
ID: 10702378
any help?
0
 

Author Comment

by:learner79
ID: 10702484
rob?
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10702511
iptables -D FORWARD -s (ip of the host not allowed on the net) -j DROP
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10702512
This will delete the rule
/Rob
0
 

Author Comment

by:learner79
ID: 10702527
Thank you so much...
0
 
LVL 8

Expert Comment

by:da99rmd
ID: 10702579
im happy to help
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now