routing server with SuSE machine (revised)
Dear my friends...

We have a new sales department at our office. The internet access for this department should have some restrictions. That's why I need to build a router for the LAN of this new department.

Firstly, this router has 2 NICs (Ethernet). One is connected to the hub of the new LAN (belonging to the new department, IP number 192.168.23.21/24) and the other NIC (IP number 192.168.23.20/24) is connected to an internet dedicated router (IP number 192.168.23.10/24). I will also put a firewall (shorewall) on this router after this routing server works properly.

Secondly, I want to make this policy as the beginning, as follows: The computers whose IP numbers are 192.168.23.240-192.168.23.254/255.255.255.0 may only visit "bloomberg.com" (204.179.240.9). So the other destinations from 192.168.23.240-192.168.23.254 will be dropped (rejected). But the rest (192.168.23.1-192.168.23.239/24) may visit any internet domain (no restriction).

How can I implement this with iptables? Please give me your advice...

Thank you very much in advance.
On Thu, 2004-04-29 at 16:12, Prabu Subroto wrote:
> Dear my friends...
8-) New Friends Everyday!

Hi Prabu... I'm Jerry...

Prabu... IP-Tables is complicated and error prone (especially for beginners)... Therefore I would highly suggest you use a program that generates the IP-Tables scripts for you. These applications allow you to define your rules in a more logical way, and then generate the scripts. Using such a tool improves security by reducing the chance of an error configuring (implementing) the security...

The best of these applications is fwbuilder, which has been compared (favorably) with the (mucho expensive) Check-point firewall GUI. You can find it at www.fwbuilder.org, and it is free!

Jerry
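The policy described in the question, written directly as iptables FORWARD rules, as an added example that is not part of either message. The interface names `eth0`/`eth1`, the helper names, and the assumption that sales-LAN traffic is forwarded through this box are illustrative; `verdict` is a dry-run model of the first-match order so the policy can be checked without root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth0 = sales LAN side,
# eth1 = side facing the internet router; IP forwarding is enabled on this box.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="192.168.23.0/24"
# .240-.254 is exactly the host range of this /28 (.255 is the broadcast address).
RESTRICTED="192.168.23.240/28"
ALLOWED_DST="204.179.240.9"   # address the post gives for bloomberg.com

# Print the commands for review; apply with: sales_rules | sh   (as root)
# Order matters: the two rules for the restricted range must precede the
# general LAN accept, because iptables stops at the first matching rule.
sales_rules() {
  cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $RESTRICTED -d $ALLOWED_DST -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $RESTRICTED -j REJECT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
EOF
}

# Last octet of a 192.168.23.x address; prints nothing for other sources.
lan_host() {
  case "$1" in
    192.168.23.*) echo "${1##*.}" ;;
  esac
}

# Dry-run verdict for a NEW connection entering on the LAN side,
# following the same first-match order as sales_rules.
verdict() {  # usage: verdict SRC DST
  h=$(lan_host "$1")
  if [ -z "$h" ]; then
    echo DROP                      # not a LAN source: falls to chain policy
  elif [ "$h" -ge 240 ]; then      # inside 192.168.23.240/28
    if [ "$2" = "$ALLOWED_DST" ]; then echo ACCEPT; else echo REJECT; fi
  else
    echo ACCEPT                    # 192.168.23.1-239: unrestricted
  fi
}
```

These rules match the destination address, not the name, so they track bloomberg.com only while it resolves to 204.179.240.9. DNS queries from the restricted hosts to a resolver beyond this box are rejected as well, so those hosts need a resolver on the LAN side or a hosts-file entry.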
participants (2)
- Jerome R. Westrick
- Prabu Subroto