Routing in Ubuntu

Posted on 2013-05-09
Medium Priority
Last Modified: 2013-06-19
Dear Team,

I have two networks connected by a VPN connection. At the moment, users in network 1.0 can go to the internet by passing through the router, and this router has a rule that forwards all internal application connections through the VPN tunnel.
To keep users from going to the internet except for the VPN application, I built an Ubuntu server with IP and set the default gateway of the clients to this IP.
Please advise me how to do the routing in Ubuntu to forward all VPN connections to network 2 and block any internet connection.

Thank you.
Question by:DienDaiCa
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 39154664
You can probably block entire internet traffic and allow only VPN (specific IP) on the router itself. Which router are you using? Make and model?

Author Comment

ID: 39154770
I used Cisco 1921.
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 39157996
Use an access control list (ACL) to deny all http (port 80) and https (port 443) traffic. Doing so, none of the users will be able to access the internet from inside out.

deny tcp any host  eq 80
deny tcp any host  eq 443

Router01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router01(config)#access-list 101 deny tcp any any eq 80
Router01(config)#access-list 101 deny tcp any any eq 443

Router01#configure terminal
Router01(config)#interface (select your wan interface)
Router01(config-if)#ip access-group 101 out  

wr - will save the running configuration to startup configuration.

** ip access-group 101 out will deny all http (80) and https (443) from inside network to outside network. Hence, users will not be able to access internet.

Doing so, you probably will not require a separate Ubuntu server to block internet access.

** If your VPN users need to use any http/https service, you can add "permit <IP address>" commands and then deny any any.
This will allow users to access only the specified websites and block all the rest.

Hope this helps. If not, I would advise you to post this question in the Cisco Routing/Firewall/Security category. You can then get the best solution.
Author Comment

ID: 39158341
Thanks for your quick response.

But the problem is I did not have permission to access the router. That is why I built this Ubuntu server.

Do you have any other advice?!
LVL 10

Expert Comment

by:Mohammed Rahman
ID: 39163485
I apologize, I am not good with Ubuntu and its features. However, I came across a solution on link below. Looks like you have to change the DNS in conf file and point it to fake DNS server, so that the website name cannot be resolved. But, if users try to access internet using the site's IP address, they may be lucky to get onto internet.

sudo su
echo "nameserver" > /etc/resolv.conf



Check this out. Seems to be perfect solution for your setup.

Another perfect solution below.
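
As the comment above notes, a fake DNS server does not stop connections made directly to an IP address, so on an Ubuntu box used as the clients' default gateway the filtering belongs in the forwarding path. The following is an added example, not part of the original thread; the subnets 192.168.1.0/24 (local LAN) and 192.168.2.0/24 (remote site behind the VPN) are assumed placeholders.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for an Ubuntu host that is
# the clients' default gateway. It forwards only LAN <-> remote-site traffic
# and rejects everything else the clients try to send through it.
# Rules are stateless on purpose: replies from the remote site may return via
# the router directly to the client, so this host can see only one direction.

# is_cidr4 STRING -> exit 0 when STRING has the shape a.b.c.d/0..32
is_cidr4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gen_rules LAN_CIDR REMOTE_CIDR -> ruleset on stdout, non-zero on bad input
gen_rules() {
    lan=$1
    remote=$2
    if ! is_cidr4 "$lan" || ! is_cidr4 "$remote"; then
        echo "usage: gen_rules LAN_CIDR REMOTE_CIDR" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s $lan -d $remote -j ACCEPT
-A FORWARD -s $remote -d $lan -j ACCEPT
-A FORWARD -s $lan -j REJECT --reject-with icmp-net-prohibited
COMMIT
EOF
}

# Apply as root (this replaces the current filter table):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_rules 192.168.1.0/24 192.168.2.0/24 | iptables-restore
if [ "$#" -eq 2 ]; then
    gen_rules "$1" "$2"
fi
```

A client that sets its default gateway to the router itself never passes through this host, so the router ACL remains the actual enforcement point.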

Author Comment

ID: 39203839
Sorry for the late reply,

All of these solutions could not resolve my issue.
Any idea ?!

Thank you.
LVL 10

Accepted Solution

Mohammed Rahman earned 1500 total points
ID: 39210211
Not even the application that is mentioned on the link below.

Author Closing Comment

ID: 39258927
It seems none of the solutions you posted could resolve my issue.
I asked network admin to permit it on router.
Anyway, thank you for your support.

Question has a verified solution.