
[SLUG] IP Masq



I use the following simple rules to set up my IP Masq on our network and they
work just fine.

(Using RH6.1 Kernel 2.0.x)

# This is setup for IP Masq
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 10.0.0.0/24/0
/sbin/ipfwadm -A -i -P all -W ppp0
echo "IP Masq Enabled"

But I would like the ability to disable a single machine's access to the net via
IP Masq, and have been unable to figure out how to do it.

I located this while looking through the Linux IP Masq website,
http://ipmasq.cjb.net/

# Enable simple IP forwarding and Masquerading
#
#  NOTE:  The following is an example to only allow IP Masquerading for the
#         192.168.0.2 and 192.168.0.8 machines with a 255.255.255.0 or a "24"
#         bit subnet mask connected to the Internet on interface eth0.
#
#         ** Please change this network number, subnet mask, and your Internet
#         ** connection interface name to match your internal LAN setup
#
#         Please use the following in ADDITION to the simple rulesets above for
#         specific MASQ networks.
#
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -W eth0 -S 192.168.0.2/32 -D 0.0.0.0/0
/sbin/ipfwadm -F -a m -W eth0 -S 192.168.0.8/32 -D 0.0.0.0/0

But this is a bit painful, having to enter an allow by IP; I would rather just
disallow the single address.

Anyone got an idea for this?

Thanx

Peter McCarthy


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
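
An added example, not part of the original post: one way to exclude a single host is to append a deny rule for its /32 ahead of the subnet-wide masquerade rule, on the assumption that forwarding rules are checked in order and the first match decides. The functions `valid_ipv4` and `masq_rules` and the address 10.0.0.42 are made up for this sketch; it only prints the ipfwadm commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example (not from the original post): print an ipfwadm forwarding
# ruleset that masquerades a LAN but denies selected hosts.
# Assumption: forward rules are evaluated in order, first match wins, so the
# per-host deny rules must be appended BEFORE the subnet masquerade rule.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: masq_rules LAN_CIDR [BLOCKED_HOST ...]
# Prints the commands; nothing is applied to the running kernel.
masq_rules() {
    lan=$1
    shift
    # Validate every address first so a typo never yields a partial ruleset.
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    echo "/sbin/ipfwadm -F -f"          # flush, so re-running adds no duplicates
    echo "/sbin/ipfwadm -F -p deny"     # default policy: forward nothing
    for host in "$@"; do
        echo "/sbin/ipfwadm -F -a deny -S $host/32 -D 0.0.0.0/0"
    done
    # Everything else on the LAN is masqueraded, as in the original rules.
    echo "/sbin/ipfwadm -F -a m -S $lan -D 0.0.0.0/0"
}

# Constructed sample: the poster's 10.0.0.0/24 LAN with one blocked host.
masq_rules 10.0.0.0/24 10.0.0.42
```

Review the printed commands, then pipe them to `sh` as root to apply them; `/sbin/ipfwadm -F -l` lists the resulting forwarding rules so the order can be checked.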