nixCraft Linux Forum


how to make iptable rules?

#1  12-06-2008, 03:29 PM  saroj (Junior Member, Join Date: Jun 2008, OS: Redhat)
Subject: how to make iptable rules?

Sir ,

I have one Red Hat AS4 server for internet. Around 300 systems with Win XP for different people. The owners of the systems know the administrator password of their system. All people are in the network.

For accessing the internet I gave the gateway, i.e. the server IP, and the DNS of the ISP along with the system IP and subnet as usual.

Among the 300 people I want only 15 systems to be able to connect to the internet. For the others, even if they have entered the gateway address and DNS in the network settings, they should not be able to access it.

Strictly speaking, whatever IPs I enter using iptables, only those systems should be able to connect to the internet; others should not.

Many software packages are available, like Squid, but I need simple iptables rules.
How do I make the rules easily?

Experts can easily understand my request, and I hope I can get a quick response.

Thanking you
#2  13-06-2008, 10:19 AM  Johnny Utah (Junior Member, Join Date: Nov 2007, OS: Mepis and Debian)

I'm confused.

You have a Red Hat AS acting as router. All the XP clients are using the Red Hat box as their default gateway. And you want to use iptables on the Red Hat box to forward packets to the real default gateway based on source IP address and block all other packets?

Is that correct or am I wrong?
#3  13-06-2008, 04:29 PM  saroj (Junior Member, Join Date: Jun 2008, OS: Redhat)

Thanks for your reply.

Sorry for making confusion.

Your assumption is exactly correct.

My Red Hat AS4 is a router. For that I need your answer with easy steps.

Thanks in advance.

I am waiting for your reply.
#4  14-06-2008, 01:21 AM  nixcraft (Never say die, Join Date: Jan 2005, Location: BIOS, OS: RHEL, Scripting language: Bash and Python)

Is RHEL 4 AS configured as a router and working from XP?

Code:
LAN - RHEL - Router
Open Router configuration and only allow access from RHEL IP and block everything else

Configure RHEL as a router and enable the firewall.

You can also install the Squid proxy to tighten security and browsing.
__________________
Vivek Gite
Linux Evangelist
#5  16-06-2008, 10:17 AM  saroj (Junior Member, Join Date: Jun 2008, OS: Redhat)

IS RHEL 4 AS configured as router and working from XP?


Code:
LAN - RHEL - Router


I could not understand the above statement and code. The RHEL server acts as a router. Clients are WinXP.

Also I installed Squid on the same RHEL and it is working fine. I am using Squid for blocking sites and I allow internet for particular IPs. That is working fine.

For the people who are under Squid, I gave only IP and subnet in the network settings, and in the browser Tools -> Internet Options -> Connections -> LAN settings -> Proxy server -> tick "use proxy server" and gave the IP address of the RHEL box and port 3128. It is working fine.

The problem here is: if I remove the tick from "use proxy server" under the LAN settings of the browser, and in the network settings enter the default gateway address, i.e. the RHEL IP, and DNS, I am able to browse all sites with no restriction.

I explained all this in my first mail.

I want to allow internet for two groups.

For one group of IPs I don't want to block any sites; they can browse always. For this group I am now using iptables, i.e. I filled in IP, subnet, gateway and DNS in the network settings, because this RHEL is set up as a router.

For the second group, I want to block some sites and they are permitted to browse only at some particular times. For this group I am using Squid on the same RHEL, i.e. I filled in only IP and subnet and made the modification in the browser settings.

The problem here is that most of the second group people know the first group's settings. They simply untick "use proxy server" in the browser settings and add the gateway address and DNS. Now they can browse always without any sites being blocked.

What I want is that even if the second group people modify the network settings, i.e. add gateway and DNS and untick "use proxy", they should not be able to browse; they should browse only at the times I allow using Squid.

How do I make iptables rules that only allow the IPs of the first group?
#6  14-11-2008, 10:33 AM  Kishor (Junior Member, Join Date: Nov 2008, OS: REHL)
Subject: I want to do exact same thing

Hi there,

Have you found a solution to your problem?

I want to do the exact same thing in our office.

Thanks for the reply,
Kishor
#7  14-11-2008, 03:23 PM  saroj (Junior Member, Join Date: Jun 2008, OS: Redhat)

Sorry,

Still I did not find the solution.

Thank you
#8  11-03-2009, 06:18 PM  nix (Junior Member, Join Date: Feb 2007, Location: Pune, India, OS: Redhat, Sun Solaris)

Hi,

Squid configuration:

* Use Squid as a transparent proxy; with this setting users can browse the internet only through the Squid proxy.

* Configure Squid filtering rules as per the IP addresses which you want to allow or restrict.

iptables configuration:

* Block restricted IPs in iptables for requests to the proxy port (default port 3128).
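As an added example (not code from the thread or from nixCraft), a POSIX sh script that emits the iptables ruleset the thread is asking for: forwarding is default-deny, the listed group-one addresses are allowed straight out, everyone else's HTTP is redirected into the transparent Squid that post #8 recommends, and addresses on a restricted list are cut off from the proxy port as well. The interface names, LAN subnet and all host addresses are constructed assumptions, and Squid is assumed to already be configured as a transparent proxy on port 3128.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables ruleset for a RHEL box
# that is the LAN's default gateway: group one forwards directly, everyone
# else only reaches the web through Squid. Interface names, the LAN subnet
# and the host addresses below are constructed assumptions.
LAN_IF="${LAN_IF:-eth0}"              # interface facing the XP clients
WAN_IF="${WAN_IF:-eth1}"              # interface facing the upstream router
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"
DIRECT_HOSTS="192.168.1.10 192.168.1.11 192.168.1.12"   # group one (sample)
NO_PROXY_HOSTS="192.168.1.50"                           # denied even via Squid

# Print the rules rather than applying them, so they can be reviewed first;
# on the gateway run:  gen_rules | sh
gen_rules() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables -F FORWARD"
    echo "iptables -t nat -F PREROUTING"
    echo "iptables -t nat -F POSTROUTING"
    # Default-deny forwarding: a client that types in the gateway and DNS
    # by hand gets nothing unless its source address is listed below.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for h in $DIRECT_HOSTS; do
        # group one: skip the transparent redirect and route straight out
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $h -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $h -j ACCEPT"
    done
    for h in $NO_PROXY_HOSTS; do
        # post #8's last point: restricted hosts may not even reach the proxy
        echo "iptables -A INPUT -i $LAN_IF -s $h -p tcp --dport $SQUID_PORT -j DROP"
    done
    # everyone else: port 80 is redirected into Squid, where the site and
    # time-of-day ACLs apply; any other forwarding attempt is logged, then dropped
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j LOG --log-prefix 'FWD-DENY: '"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j DROP"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

gen_rules
```

The rules match on source address only, so pair them with address assignment you control (DHCP reservations or switch-level controls) rather than trusting what clients configure for themselves; the LOG rule gives you a syslog trail of which hosts tried to go around the proxy.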