  1. #1
    Just Joined!
    Join Date
    Jan 2010
    Posts
    7

    how do i block domain with iptables


    Hi guys,

    Can I know how I go about doing this with iptables?


    Web proxy server:
    Clients within example.com should have access.
    Clients outside of example.com should not have access.


    Configure POP3 server:
    Clients within myl33t.org should not have access to your POP3 service.


    Can I put the domain name in iptables, or should it be an IP address? And if it's an IP address, how do I find out what the IP address is? Do a ping test?

  2. #2
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,025
    Hello and Welcome!

    This should get you started: Quick HOWTO : Ch14 : Linux Firewalls Using iptables - Linux Home Networking
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  3. #3
    Just Joined!
    Join Date
    Jan 2010
    Posts
    7

    Quote Originally Posted by jayd512 View Post
    Hello and Welcome!

    This should get you started: Quick HOWTO : Ch14 : Linux Firewalls Using iptables - Linux Home Networking
    hi jay

    ok thank you .... i will check it out..hehe

  5. #4
    Just Joined!
    Join Date
    Jan 2010
    Posts
    7
    Quote Originally Posted by jayd512 View Post
    Hello and Welcome!

    This should get you started:
    OK, I have read that site and am beginning to get the picture, but I have a question. How do I find out what range the example.com domain IP address is? What's the command I should type? I also read that it's not a good idea to put a domain name inside iptables? What if that example.com domain is an internal IP?

  6. #5
    Just Joined! gkiran.linux's Avatar
    Join Date
    Jun 2008
    Location
    Hyderabad
    Posts
    6

    Hi,

    You have to get the IP addresses of the domains example.com and myl33t.org using the nslookup utility; that way you can block or allow the domains through iptables.
    Let's say the IP for example.com is 192.168.1.254; then to allow this:
    #iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT
    You have to allow the entire network so that other systems can communicate with each other within the domain.

    And to block myl33t.org from accessing POP, assume the IP address is 172.25.0.0/16:
    #iptables -A INPUT -p tcp --dport 110 -s 172.25.0.0/16 -j REJECT

    Don't use a domain name, because generally whenever you give a domain name, iptables will translate it to the corresponding IP address and will block it. Later, if the IP address changes, the rule will not work any more.

    Hey, by the way, when are you writing the RHCE exam? I think these questions will come up in the RHCE exam. Even I had to go through these questions in my RHCE exam. Good luck.

    Kiran
    Last edited by gkiran.linux; 01-26-2010 at 03:14 PM. Reason: Would like to add some more information
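
An added example, not from any poster in this thread: a shell script that takes addresses you have already looked up (for instance with nslookup) and prints pinned iptables rules for the POP3 case above. The chain name POP3_BLOCK and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: print pinned iptables rules from already-resolved addresses.
# Nothing here changes the firewall; the output is meant to be reviewed first.

# Constructed sample input. 172.25.0.0/16 is the network assumed in the post
# above; the hostname and the malformed address are made up for illustration.
SAMPLE_SOURCES='172.25.0.0/16
172.25.0.0/16
mail.myl33t.org
10.1.2.300'

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads one source per line on stdin and prints commands that rebuild a
# dedicated chain (hypothetical name POP3_BLOCK) rejecting POP3 from each.
# Hostnames are skipped on purpose: a name passed to -s is resolved once,
# when the rule is added, and the rule is not updated if DNS changes later.
gen_pop3_block() {
    echo "iptables -N POP3_BLOCK 2>/dev/null || iptables -F POP3_BLOCK"
    sort -u | while read -r src; do
        [ -n "$src" ] || continue
        if is_ipv4_cidr "$src"; then
            echo "iptables -A POP3_BLOCK -s $src -p tcp --dport 110 -j REJECT"
        else
            echo "# skipped (not an IPv4 address or network): $src"
        fi
    done
    echo "iptables -C INPUT -j POP3_BLOCK 2>/dev/null || iptables -I INPUT -j POP3_BLOCK"
}

printf '%s\n' "$SAMPLE_SOURCES" | gen_pop3_block
```

Because the rules live in their own chain, re-running the script after the looked-up addresses change replaces the old entries without touching the rest of INPUT.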

  7. #6
    Banned
    Join Date
    Feb 2010
    Posts
    31

    ip address not a good solution

    In general IPs change, you want to use a secure authentication schema with strong user/passwd combos, and/or hardware one-time keys like YubiKeys or with a VPN.

  8. #7
    Just Joined!
    Join Date
    Jan 2010
    Posts
    7
    Quote Originally Posted by ccolumbu View Post
    In general IPs change, you want to use a secure authentication schema with strong user/passwd combos, and/or hardware one-time keys like YubiKeys or with a VPN.
    hi there

    thank you for the reply. yubikeys ... hmmm ... ok i will look into it.....

  9. #8
    Banned
    Join Date
    Feb 2010
    Posts
    31

    OpenVPN

    Quote Originally Posted by elliotwilliams77 View Post
    hi there

    thank you for the reply. yubikeys ... hmmm ... ok i will look into it.....
    OpenVPN is easy to set up and includes 2 concurrent users for free. It also supports a YubiKey authentication add-on.
