Hi,
I need your help with an internet gateway (firewall: iptables). I have entered the commands below, but I can't use my computer on the local network to access the internet (web browser + MSN).
My objective:
- I only want the computer with IP 192.168.0.111 to use web + MSN (no other connections allowed, such as FlashGet/GetRight/BitTorrent)
- Do not permit other computers to use the internet at all
Can anyone help me? Thank you very much.
Pratchaya
######################
My Network Diagram.
ADSL Router { eth1::: My Server :::: eth0 Local network (192.168.0.xx )
################## My command line ############################
/sbin/service iptables stop
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 3128 -j ACCEPT
service iptables save
################## End My command line ############################
################## Result 1 ############################
[root@firewall ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.0.111        anywhere            tcp dpt:http
ACCEPT     tcp  --  192.168.0.111        anywhere            tcp dpt:1863
ACCEPT     tcp  --  192.168.0.111        anywhere            tcp dpt:https
ACCEPT     tcp  --  192.168.0.111        anywhere            tcp dpt:squid

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@firewall ~]#
################## Result 2 ############################
[root@firewall ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@firewall ~]#