Mailinglist Archive: opensuse-security (195 mails)

Understanding IP-Forwarding with ipfwadm
  • From: "Jens Leilich" <Jens.S.Leilich@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 17 Mar 2000 11:58:53 MET
  • Message-id: <200003171100.MAA23398@xxxxxxxxxxxxxxxxxxx>
Hi,
I want to forbid single computers from connecting to the Internet. Therefore I did the
following:
Computer E00, wegerich www-proxy
E01...
192.168.8.240--+
192.168.8.241--+---192.168.8.8<-->192.168.254.1----192.168.254.2<-->Internet
...

We use internal IP addresses 192.168.x.y; router wegerich is necessary,
because 2 other schools are connected via this router. www-proxy is NOT
administered by us. squid is running on www-proxy, masquerading is
activated on all ports, so that surfing is possible without the proxy.

Now I want to disable Internet-Connection via http for a single computer by
using forwarding-rules on wegerich.
# disable proxy, works!
/sbin/ipfwadm -F -a reject -P tcp -S e00 -D 192.168.251.2 81
# enable web-server, works
/sbin/ipfwadm -F -a accept -S e00 -D 192.168.251.2
# disable rest of the world, doesn't work
/sbin/ipfwadm -F -a reject -P tcp -S e00 -D 0.0.0.0
Why does the last rule not work, and why is a connection (http) still possible via masquerading?
Jens Leilich

---
jens.leilich@xxxxxxxxxxxxxxxxxxxxx, http://bbst1.lu.rp.schule.de
BBS Technik I Ludwigshafen, Franz-Zang-Str. 3-7, 67059 Ludwigshafen
Telefon +49 621 504-4110 (Anrufbeantworter) (Answering Machine)
+49 621 504-4101 (Sekretariat)
Telefax +49 621 504-3789
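
An added example, not part of the original post: a small Python model of first-match evaluation over the three forwarding rules quoted above, comparing the posted `-D 0.0.0.0` with an explicit `0.0.0.0/0`. It assumes that e00 is 192.168.8.240 (from the diagram), that the forward chain's default policy is accept, and that an address given without a mask is read as a single host (/32); 203.0.113.10 is a constructed sample destination.

```python
import ipaddress

E00 = "192.168.8.240"    # assumed address of host e00, taken from the diagram
PROXY = "192.168.251.2"  # destination used in the posted rules
WEB = "203.0.113.10"     # constructed sample Internet host (documentation range)

def net(spec):
    # Assumption: an address written without "/mask" means one host (/32).
    return ipaddress.ip_network(spec if "/" in spec else spec + "/32")

def rule(policy, src, dst, proto=None, dport=None):
    return {"policy": policy, "proto": proto, "src": net(src),
            "dst": net(dst), "dport": dport}

def decide(chain, proto, src, dst, dport, default="accept"):
    """Return the policy of the first matching rule, else the chain default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in chain:
        if r["proto"] not in (None, proto):
            continue  # rule is limited to another protocol
        if s not in r["src"] or d not in r["dst"]:
            continue  # source or destination outside the rule's address/mask
        if r["dport"] not in (None, dport):
            continue  # rule is limited to another destination port
        return r["policy"]
    return default    # assumed default policy of the forward chain

def build_chain(rest_of_world):
    # Same order as the post: appended rules are checked top to bottom.
    return [
        rule("reject", E00, PROXY, proto="tcp", dport=81),
        rule("accept", E00, PROXY),
        rule("reject", E00, rest_of_world, proto="tcp"),
    ]

POSTED = build_chain("0.0.0.0")      # third rule as written in the post
WIDENED = build_chain("0.0.0.0/0")   # zero-length mask: any destination

if __name__ == "__main__":
    for name, chain in (("posted", POSTED), ("widened", WIDENED)):
        print(name,
              "proxy:81", decide(chain, "tcp", E00, PROXY, 81),
              "proxy:80", decide(chain, "tcp", E00, PROXY, 80),
              "web:80", decide(chain, "tcp", E00, WEB, 80))
```

In this model the posted third rule is never reached by real traffic, because no packet has the destination 0.0.0.0, so HTTP from e00 falls through to the default policy.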
