Current setup
CentOS, which is a Web, Mail (Postfix, Dovecot), FTP server and gateway with a public IP and a private IP (for LAN gateway).
We are planning to implement an external firewall box and bring the server to the LAN.
Please guide on configuring IPTables...
I am setting up a new squid daemon to run on my server. I want to make sure that everyone inside my network can access squid but I want to make sure everyone on the internet is blocked.
Here's what I have.
Dual homed FreePBX box. Everything works like a champ. eth0 is external. eth1 is internal. SIP provider is at 216.234.x.x.
I'm trying to configure iptables to allow everything from eth1 and lo.
I'm trying to set up iptables to block all traffic except ssh but, no matter what I do, it's blocking outgoing ssh. The commands that I'm using are shown below. Oddly, I can SSH into the box, just not out.
I used an online tool to create an iptables firewall. Basically I just need port 22 and 1194 open to the outside world. But I noticed this bash script has input, forward and output chains as accept by default. Is it blocking all traffic but those two ports? Thanks.
I'd like to basically drop all packets, but still allow ports 22, 80 and 52533. ATM this firewall doesn't allow pinging, or for me to use yum update. How can I add that? Thanks for advice. Also, is there an easier way to open port 80?
Further to my earlier question about bridging different subnets - I now need to route requests for one particular IP address differently to all other traffic.
I have the following routing in my iptables on our router:
# Allow established connections, and those !not!
I have a machine working as a gateway that has two network interfaces:
eth0 LAN : 192.168.1.0/24
eth1 WAN : XXX.XXX.XXX.XXX (my public IP)
This machine has 3 VM guests on VirtualBox.
I've got a small network, two interfaces, eth1 (local, internal range 192.168.150.0/24) and eth0 (external, static IP).
I wish to set up NAT forwarding for the internal network but allow them to only connect to an external server 209.60.x.x and reject connections to all other external IPs.
How do I only allow forwarding/NAT to IP 209.60.x.x?