Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping normal LAN access?
Bob
On Mon, Feb 8, 2016 at 4:10 PM, Bob Goodwin <bobgoodwin@wildblue.net> wrote:
> Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping normal LAN access?
This is a complete SWAG but I think you would have to add two rules, one to accept traffic on your internal network, and then the 2nd to drop anything else.
Richard
Of course, after I replied it made me think of some additional words to search for and I found this, HTH:
http://www.tuxradar.com/answers/131
Thanks, Richard
On 02/08/2016 02:10 PM, Bob Goodwin wrote:
> Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping normal LAN access?
Hi Bob,
Decided lack of info to go on but this will accomplish that.
If you just want the internet to be "non-existent" WRT 192.168.1.17 the easiest way is to DROP all traffic between them.
Let eth0 be the internet connected network card.
# On a router, traffic between the LAN host and eth0 is forwarded, so it is filtered in FORWARD
iptables -t filter -A FORWARD -i eth0 -d 192.168.1.17 -j DROP
iptables -t filter -A FORWARD -o eth0 -s 192.168.1.17 -j DROP
On 02/08/16 17:21, Richard Shaw wrote:
> On Mon, Feb 8, 2016 at 4:10 PM, Bob Goodwin <bobgoodwin@wildblue.net> wrote:
>> Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping normal LAN access?
> This is a complete SWAG but I think you would have to add two rules, one to accept traffic on your internal network, and then the 2nd to drop anything else.
> Richard
I thank you for that, but never having messed with iptables before, what I am looking for is an example.
Bob
On 02/08/16 17:24, Mike Wright wrote:
> On 02/08/2016 02:10 PM, Bob Goodwin wrote:
>> Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping normal LAN access?
> Hi Bob,
> Decided lack of info to go on but this will accomplish that.
> If you just want the internet to be "non-existent" WRT 192.168.1.17 the easiest way is to DROP all traffic between them.
> Let eth0 be the internet connected network card.
> # On a router, traffic between the LAN host and eth0 is forwarded, so it is filtered in FORWARD
> iptables -t filter -A FORWARD -i eth0 -d 192.168.1.17 -j DROP
> iptables -t filter -A FORWARD -o eth0 -s 192.168.1.17 -j DROP
That helps, I had a router on the shelf that I decided to try OpenWrt on, it works slick but it doesn't have some of the access control features of Tomato and DD-WRT that I am accustomed to and requires adding code to iptables which is really beyond my skill level ... But I intend to give it a try.
Thanks to you and Richard,
Bob
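
On a router, packets between a LAN host and the internet are forwarded rather than addressed to the router itself, so they are filtered in the FORWARD chain, and rules that match only the WAN interface leave LAN traffic untouched. The script below is an added example, not code from anyone in this thread: it validates the address and inserts the two DROP rules at the top of FORWARD only if they are not already there. The function names and the IPT override are assumptions made for illustration, and the WAN interface name (eth0 in the thread) has to match the router.

```shell
#!/bin/sh
# Added example. IPT can be overridden (e.g. IPT=echo) for a dry run.
IPT="${IPT:-iptables}"

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ensure_rule RULE...: insert RULE at the top of FORWARD unless it already
# exists, so it is evaluated before any earlier ACCEPT rule and re-running
# the script does not stack duplicates.
ensure_rule() {
    "$IPT" -C FORWARD "$@" 2>/dev/null || "$IPT" -I FORWARD 1 "$@"
}

# block_wan HOST_IP WAN_IF: drop forwarded traffic between HOST_IP and WAN_IF.
block_wan() {
    host=$1 wan=$2
    valid_ipv4 "$host" || { echo "invalid IPv4 address: $host" >&2; return 2; }
    [ -n "$wan" ] || { echo "missing WAN interface" >&2; return 2; }
    ensure_rule -s "$host" -o "$wan" -j DROP   # host -> internet
    ensure_rule -d "$host" -i "$wan" -j DROP   # internet -> host
}

# unblock_wan HOST_IP WAN_IF: remove both rules if they are present.
unblock_wan() {
    "$IPT" -D FORWARD -s "$1" -o "$2" -j DROP 2>/dev/null || :
    "$IPT" -D FORWARD -d "$1" -i "$2" -j DROP 2>/dev/null || :
}

# When run as a script with two arguments: ./block_wan.sh 192.168.1.17 eth0
if [ "$#" -eq 2 ]; then
    block_wan "$1" "$2"
fi
```

Rules added this way do not survive a reboot or firewall restart unless they are also placed in the router's persistent firewall configuration.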