iptables help

hi experts.
my linux box is sharing an internet connection to the rest of the office.
I would like to restrict 192.168.0.80 only to intranet, no internet. thanks..
kephillipsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

wesly_chenCommented:
Hi,

Assume eth0 is LAN and eth1 is internet for your Linux box.
As root
# iptables -A INPUT -i eth0 -p tcp -s 192.168.0.80 -o eth1 -j DROP

Wesly
0
kephillipsAuthor Commented:
can't use -o with INPUT....
0
wesly_chenCommented:
Oops,

# iptables -A OUTPUT -p all -s 192.168.0.80 -o eth1 -j DROP
---------
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
DROP       all  --  192.168.0.80      anywhere          
------------

Wesly
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

kephillipsAuthor Commented:
ok. that works to cut off all access, but i would like to maintain the ability to have email. Just close  port 80 maybe???
0
wesly_chenCommented:
# iptables -A OUTPUT -p tcp --ports 80 -s 192.168.0.80 -o eth1 -j DROP

Wesly
0
kephillipsAuthor Commented:
unknown error --ports
0
j79Commented:

iptables -A OUTPUT -p tcp --dport 80 -s 192.168.0.80 -o eth1 -j DROP

0
MKraussCommented:

#Allow Outgoing smtp and pop
iptables -A OUTPUT -o eth1 -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --dport 110 -j ACCEPT

#Allow Incomming smtp and pop
iptables -A INPUT -o eth1 -p tcp --sport 25 -j ACCEPT
iptables -A INPUT -o eth1 -p tcp --sport 110 -j ACCEPT

#Allow smtp and pop traffic from your office with connetcion tracking:
iptables -A FORWARD -o eth1 -p tcp --dport 25  -m state --state NEW,RELATED,ESTABLISHED  -j ACCEPT
iptables -A FROWARD -o eth1 -p tcp --dport 110 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT


#Drop all local packets to outside
iptables -A OUTPUT -j DROP
#Drop all outside packets to local
iptables -A INPUT -j DROP

#Drop all forwarding packets - prevents your office to do anything to outside or vice versa
iptables -A FORWARD -j DROP

Note: dont forget that the first rule which matches casues iptables to leave the chain.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.