  1. #1
    Just Joined!
    Join Date
    Jan 2005
    Location
    Tennessee
    Posts
    40

    Access One Ip Address


    I am running Mandriva 10.3.
    What is the simplest way to set up the machine so the web browsers will only access one specific IP address and no others? What I guess I need to know is: can I block all of port 80 using IPTables but leave it open for only one IP address, and how do I do that? Or is another firewall easier to do this with?

  2. #2
    Linux Engineer
    Join Date
    Apr 2005
    Location
    Belgium
    Posts
    1,429
    Configure IPtables to accept output
    - on port 80
    - going to the ip address you have in mind

    and set the default policy to 'DROP', and make sure all outgoing connections are blocked (you will have to add an explicit rule for this I presume). The rule allowing outgoing traffic over port 80, to the specific IP, will overrule the general one (in that specific case only).

    Do some reading about IPtables; the syntax is not that difficult.

    After editing the configuration, restart the service to see if it detects any syntax errors.
    ** Registered Linux User # 393717 and proud of it ** Check out www.zenwalk.org
    ** Zenwalk 2.8 - Xfce 4.4 beta 2- 2.6.17.6 kernel = Slack on steroids! **

  3. #3
    Just Joined!
    Join Date
    Jan 2005
    Location
    Tennessee
    Posts
    40
    I must be doing something wrong. Here is my configuration.

    Code:
    # Generated by iptables-save v1.2.9 on Fri Jul 15 14:32:03 2005
    *filter
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT DROP [0:0]
    -A OUTPUT -p tcp -m tcp -d 1x1.1x7.1xx.x73 --dport 80 -j ACCEPT
    COMMIT
    # Completed on Fri Jul 15 14:32:03 2005
    # Generated by iptables-save v1.2.9 on Fri Jul 15 14:32:03 2005
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Fri Jul 15 14:32:03 2005
    # Generated by iptables-save v1.2.9 on Fri Jul 15 14:32:03 2005
    *mangle
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed on Fri Jul 15 14:32:03 2005
    All sites are blocked, including the one I want access to. (The "x" are in place of numbers.)
    Does anyone see my error?

    Found my error, the line should read:
    Code:
    -A OUTPUT -p tcp -d 1x1.1x7.1xx.x73 --dport 80 -j ACCEPT
    Thank you borromini for pointing me in the right direction.

  4. #4
    Linux Engineer
    Join Date
    Apr 2005
    Location
    Belgium
    Posts
    1,429
    No problem, I hope it works. Once you get the syntax, it's easy to configure! You just need to do the reading first, and that can be a challenge.
    ** Registered Linux User # 393717 and proud of it ** Check out www.zenwalk.org
    ** Zenwalk 2.8 - Xfce 4.4 beta 2- 2.6.17.6 kernel = Slack on steroids! **
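
Added example, not part of the original thread: a small Python evaluator that reads a ruleset in the iptables-save format shown above and reports what the OUTPUT chain does to a given packet, illustrating the "first matching rule, otherwise the default policy" behaviour described in post #2. The address 192.0.2.10 is a constructed documentation address standing in for the masked IP, the function names are hypothetical, and only the `-p`, `-d`, `--dport` and `-j` options are modelled.

```python
import ipaddress

# Constructed ruleset in iptables-save format. 192.0.2.10 is a documentation
# address used here as a stand-in for the masked IP in the thread.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -p tcp -d 192.0.2.10 --dport 80 -j ACCEPT
COMMIT
"""

def parse_filter(text):
    """Return ({chain: policy}, {chain: [options dict, ...]}) for *filter."""
    policies, rules, table = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # start of a new table
        elif table != "filter" or not line or line.startswith("#"):
            continue                              # other tables, comments
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]  # ":OUTPUT DROP [0:0]"
            policies[chain] = policy
        elif line.startswith("-A "):
            tok = line.split()
            # Assumes every option takes exactly one value (no "!" negation).
            rules.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def verdict(text, chain, proto, dst, dport):
    """First matching rule decides; if none matches, the chain policy does."""
    policies, rules = parse_filter(text)
    addr = ipaddress.ip_address(dst)
    for rule in rules.get(chain, []):
        if "-p" in rule and rule["-p"] != proto:
            continue
        if "-d" in rule and addr not in ipaddress.ip_network(rule["-d"], strict=False):
            continue
        if "--dport" in rule and int(rule["--dport"]) != dport:
            continue
        if rule.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return rule["-j"]
    return policies[chain]

if __name__ == "__main__":
    for pkt in [("tcp", "192.0.2.10", 80), ("tcp", "198.51.100.7", 80),
                ("tcp", "192.0.2.10", 443), ("udp", "192.0.2.53", 53)]:
        print(pkt, "->", verdict(RULESET, "OUTPUT", *pkt))
```

The last sample packet is a DNS query: with this policy it is dropped as well, so the permitted site has to be reached by IP address or through a local hosts entry.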
