- 01-25-2010 #1 Just Joined!
- Join Date
- Jan 2010
- Posts
- 7
how do i block domain with iptables
Hi guys,
Can I know how I go about doing this with iptables?
Web proxy server
Clients within example.com should have access
Clients outside of example.com should not have access
Configure POP3 server
Clients within myl33t.org should not have access to your POP3 service
Can I put the domain name in iptables, or should it be an IP address? And if it's an IP address, how do I find out what the IP address is? Do a ping test?
- 01-25-2010 #2
Hello and Welcome!
This should get you started: Quick HOWTO : Ch14 : Linux Firewalls Using iptables - Linux Home Networking
Jay
New users, read this first.
New Member FAQ
Registered Linux User #463940
I do not respond to Private Messages asking for Linux help. Please, keep it on the public boards.
- 01-25-2010 #3 Just Joined!
- Join Date
- Jan 2010
- Posts
- 7
- 01-26-2010 #4 Just Joined!
- Join Date
- Jan 2010
- Posts
- 7
OK, I have read that site and am beginning to get the picture, but I have a question. How do I find out what range the example.com domain IP address is? What's the command I should type? I also read that it's not a good idea to put a domain name inside iptables? What if that example.com domain is an internal IP?
- 01-26-2010 #5
Hi,
You have to get the IP address of the domain for example.com and myl33t.org using the nslookup utility; that way you can block or allow the domains through iptables.
Let's say the IP for example.com is 192.168.1.254; then to allow this:
#iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT
You have to allow the entire network so that other systems can communicate with each other within the domain.
And to block myl33t.org from accessing POP, assume the IP address is 172.25.0.0/16.
#iptables -A INPUT -p tcp --dport 110 -s 172.25.0.0/16 -j REJECT
Don't use a domain name, because generally whenever you give a domain name, iptables will translate it to the corresponding IP address and will block it. Later, if the IP address changes, the rule will not work any more.
Hey, by the way, when are you writing the RHCE exam? I think these questions will come in the RHCE exam. Even I had to go through these questions in my RHCE exam. Good luck.
Kiran
Last edited by gkiran.linux; 01-26-2010 at 02:14 PM. Reason: Would like to add some more information
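The approach discussed in this thread, as an added example that is not part of any post: a shell script that prints address-based iptables rules for the two tasks and refuses hostnames as sources. The function names are hypothetical, the networks are the ones assumed in the post above, and proxy port 3128 is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules for review.
# Nothing is applied; pipe the output to sh as root once checked.

# Accept only dotted-quad IPv4 with an optional /0-32 prefix. Hostnames are
# refused: iptables resolves a name once, when the rule is added.
valid_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    printf '%s\n' "$1" | awk -F'[./]' '{
        for (i = 1; i <= 4; i++) if ($i > 255) exit 1
        if (NF == 5 && $5 > 32) exit 1 }'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

check_args() {
    valid_cidr "$1" || { echo "not an IPv4 address or CIDR: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
}

# allow_only_from NET PORT: accept NET on tcp/PORT, then reject all other
# sources on that port. The ACCEPT alone would not keep outsiders out
# unless the chain policy already drops them.
allow_only_from() {
    check_args "$1" "$2" || return 1
    echo "iptables -A INPUT -p tcp --dport $2 -s $1 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $2 -j REJECT"
}

# reject_from NET PORT: refuse one network on tcp/PORT, leave others alone.
reject_from() {
    check_args "$1" "$2" || return 1
    echo "iptables -A INPUT -p tcp --dport $2 -s $1 -j REJECT"
}

# Constructed values: networks as assumed in the thread; 3128 is an
# assumed proxy port, 110 is POP3.
allow_only_from 192.168.1.0/24 3128
reject_from 172.25.0.0/16 110
allow_only_from example.com 3128 || echo "hostname refused, resolve it first"
```

Because the rules are appended with -A, any earlier rule in INPUT that already accepts the traffic still wins, so check the existing chain order before applying them.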
- 02-14-2010 #6 Banned
- Join Date
- Feb 2010
- Posts
- 31
ip address not a good solution
In general IPs change; you want to use a secure authentication schema with strong user/passwd combos, and/or hardware one-time keys like YubiKeys, or with a VPN.
- 02-15-2010 #7 Just Joined!
- Join Date
- Jan 2010
- Posts
- 7
- 02-15-2010 #8 Banned
- Join Date
- Feb 2010
- Posts
- 31



