iptables allow access to one site


 
# 1  
Old 03-05-2014
iptables allow access to one site

Hi all

I need help with a set of iptables rules that would allow a portion of a bank of IP addresses access to only one or two named websites.

Please advise

Thank You
Ed
# 2  
Old 03-13-2014
Hi Ed,

Could you please elaborate more on your network setup and web proxy, to narrow down the rules?

Regards
Satish Mekala.
# 3  
Old 03-13-2014
I need help writing iptables rules that will allow a certain range of private addresses (192.168.0.80-100) outgoing access to one or two specific named sites and nothing else.

Here is my current setup
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 81 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited


I do not know the exact domain names as of yet, will know soon, they are for a credit card processor.

but....

we could use any site as an example:
so 192.168.0.80-100 are allowed to go to google.com and nowhere else?

A proxy server is not a viable alternative right now

Thank you
# 4  
Old 03-14-2014
This should help to solve the issue.

Code:
iptables -I FORWARD 1 -p all -s 192.168.0.0/24 -d $bankIP -j ACCEPT

192.168.0.0/24 is the network block; edit it according to your internal subnet.
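
A fuller rule set for the case discussed in this thread, given as an added example that is not part of any poster's reply: it confines only 192.168.0.80-100 to a fixed list of destination addresses and sits ahead of the catch-all FORWARD REJECT in the ruleset from post #3. It assumes the iptables host is the forwarding gateway for the LAN; the chain name SITE_ONLY, the resolver 192.0.2.53, the HTTPS-only port and the destination addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables commands for a gateway.
# Assumed names: chain SITE_ONLY, HTTPS (tcp/443) only, a single DNS resolver.

# Succeeds only for a dotted-quad IPv4 address with octets in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules SRC_RANGE DNS_IP DEST_IP...
# Destinations must be addresses: iptables resolves a host name only once,
# when the rule is added, so names are resolved and reviewed beforehand.
gen_rules() {
    [ "$#" -ge 3 ] || { echo "usage: gen_rules RANGE DNS_IP DEST_IP..." >&2; return 1; }
    src_range=$1 dns=$2
    shift 2
    for ip in "${src_range%-*}" "${src_range#*-}" "$dns" "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    echo "iptables -N SITE_ONLY"
    for proto in udp tcp; do         # clients still need name resolution
        echo "iptables -A SITE_ONLY -p $proto -d $dns --dport 53 -j ACCEPT"
    done
    for ip in "$@"; do               # one ACCEPT per permitted site address
        echo "iptables -A SITE_ONLY -p tcp -d $ip --dport 443 -j ACCEPT"
    done
    # Everything else from the restricted range is refused inside the chain.
    echo "iptables -A SITE_ONLY -j REJECT --reject-with icmp-host-prohibited"
    # Inserted ahead of the existing catch-all FORWARD REJECT: replies first,
    # then the jump that confines the source range to SITE_ONLY.
    echo "iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -I FORWARD 2 -m iprange --src-range $src_range -j SITE_ONLY"
}

# Constructed sample: the thread's range, documentation-range (RFC 5737) IPs.
gen_rules 192.168.0.80-192.168.0.100 192.0.2.53 203.0.113.10 198.51.100.7
```

The printed commands can be reviewed and then piped to `sh` as root; the address list has to be regenerated whenever the processor's DNS records change.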