Routing in Ubuntu

Dear Team,

I have two network 192.168.1.0 and 192.168.2.0 connected by VPN connection. At the moment, users in network 1.0 can go internet by pass router 192.168.1.1 and this router has the rule forwarded all internal application connection will through VPN tunnel.
For permit the users not to go to internet except VPN application, I built the Ubuntu server had IP 192.168.1.2 and set the default gateway of clients to this IP.
Please advise me how to do the routing in Ubuntu to forward all VPN connection to network 2 and block any internet connection.

Thank you.
DienDaiCaAsked:
Who is Participating?
 
Mohammed RahmanConnect With a Mentor Commented:
Not even the application that is mentioned on the link below.
https://forum.perfect-privacy.com/showthread.php?t=2137
0
 
Mohammed RahmanCommented:
You can probably block entire internet traffic and allow only VPN (specific IP) on the router itself. Which router are you using? Make and model?
0
 
DienDaiCaAuthor Commented:
I used Cisco 1921.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Mohammed RahmanCommented:
Use access control list (ACL) to deny all http (port 80) and https (port 443) traffic. Doing so, none of the users will be able to access internet from inside out.

deny tcp any host  eq 80
deny tcp any host  eq 443

Router01>enable
Router01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router01(config)#access-list 101 deny ip any any eq 80
Router01(config)#access-list 101 deny ip any any eq 443
Router01(config)#exit
Router01#

Router01#configure terminal
Router01(config)#interface (select your wan interface)
Router01(config-if)#ip access-group 101 out  
Router01(config-if)#exit
Router01(config)#exit
Router01#wr

wr - will save the running configuration to startup configuration.

** ip access-group 101 out will deny all http (80) and https (443) from inside network to outside network. Hence, users will not be able to access internet.

Doing so, you probably will not require a separate Ubuntu server to block internet access.

** If your VPN users need to use any http/https service, you can add "permit <IP address> commands and then Deny any any.
This will allow users to access only specified websites and block remaining all.

Hope this helps. If not, I would advice you to post this question in Cisco Routing/Firewall/Security category. You can then get best solution.
0
 
DienDaiCaAuthor Commented:
Thanks for your quick respond.

But the problem is I did not have the permission to access the router. That why I built the this Ubuntu server.

Do you have any other advise ?!
0
 
Mohammed RahmanCommented:
I apologize, I am not good with Ubuntu and its features. However, I came across a solution on link below. Looks like you have to change the DNS in conf file and point it to fake DNS server, so that the website name cannot be resolved. But, if users try to access internet using the site's IP address, they may be lucky to get onto internet.

sudo su
echo "nameserver 0.0.0.0" > /etc/resolv.conf
exit

http://ubuntuforums.org/showthread.php?t=1858121

OR

Check this out. Seems to be perfect solution for your setup.
https://forum.perfect-privacy.com/showthread.php?t=2137

Another perfect solution below.
http://serverfault.com/questions/258315/ubuntu-block-access-sites-through-internet-gateway
0
 
DienDaiCaAuthor Commented:
Sorry for the late reply,

All of these solutions could not resolve my issue.
Any idea ?!

Thank you.
0
 
DienDaiCaAuthor Commented:
Seem did not have any solutions you posted can resolved my issue.
I asked network admin to permit it on router.
Anyway, thank you for your support.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.