Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troubleshooting => General Networking Support in Linux => Topic started by: sathish on December 13, 2003, 03:51:13 AM
-
Hello,
I am using RedHat 9.0. We have 50 clients in the office. I have set up masquerading to share the net from the Linux server to Windows clients.
I want to block all websites except the 2 to 3 websites we use.
Ex: google.com, altavista.com and alltheweb.com.
On the client side, I want to access only the above-mentioned websites, and all remaining websites should be blocked. Is it possible? If yes, please give me the steps to be followed.
Thank you,
Sathish.
-
It depends on what you are currently using.
If you are using squid then you can easily block them! iptables can also be used. So what are you using right now?
-
Hi Ricky,
We are using it to search for medicine names, as we are related to a medical company. I want to block through iptables.
-
Go for squid. It is better for this type of job, or for filtering.
-
Well, I can tell you how to block a specific site:
iptables -A FORWARD -d domain.com -j DROP
-
Hi guys,
I have the same problem. I really want to block all the sites and accept only the ones that I like!
Can someone here please help me? I'm using iptables because I'm having problems configuring squid! :D Thanks in advance!
-
I created a script that reads a txt file containing the IP addresses of the sites that I want to allow access to, but I'm getting some problems:
1. When I access some sites I get a 403 error, but some of them I can access!
2. I can only type the IP address to access a site; if I type the URL of the site I can't access it!
Can someone please help me with this?
Here is the script that I made:
#!/bin/sh
# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
GOODIP=/etc/rc.d/goodlist.txt
LAN_IP_NET='192.168.1.0/24'
LAN_NIC='eth1'
WAN_IP='xxx.xxx.xxx.xxx'
WAN_NIC='eth0'
# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 0/0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 0/0 -j ACCEPT
# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $WAN_IP -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "Blocking all unwanted IP's [ OK ]"
iptables -I FORWARD -s 0/0 -d 0/0 -j DROP
iptables -I FORWARD -p udp -s 0/0 -d 0/0 --dport 53 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 80 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 20 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -j ACCEPT
echo "Allowing Good IP's [ OK ]"
for x in `grep -v ^# $GOODIP | awk '{print $1}'`; do
echo "Permitting $x [ OK ]"
iptables -I FORWARD -s $x -j ACCEPT
done
# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
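
An allowlist of the kind the script above is aiming for, as an added example that is not part of the original post or the poster's script: it prints the iptables commands instead of applying them, appends rules in the order they are evaluated, and matches each allowed site as a destination (-d). The LAN range, interface name and sample addresses are constructed; iptables filters on IP addresses only, so sites that share or change addresses need a proxy such as squid, as suggested earlier in the thread.

```shell
#!/bin/sh
# Added example: PRINT (do not apply) an allowlist ruleset for FORWARD.
# LAN_NET, LAN_NIC and the sample addresses below are constructed.
LAN_NET='192.168.1.0/24'
LAN_NIC='eth1'

# True only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read "IP [comment]" lines on stdin and print iptables commands. Rules are
# appended (-A) in evaluation order; unmatched traffic hits the DROP policy.
gen_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_NIC -s $LAN_NET -p udp --dport 53 -j ACCEPT"
    while read -r ip _rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if is_ipv4 "$ip"; then
            # Match the allowed site as the DESTINATION of LAN traffic.
            echo "iptables -A FORWARD -i $LAN_NIC -s $LAN_NET -d $ip -p tcp --dport 80 -j ACCEPT"
        else
            # Hostnames are refused: iptables would resolve them once, at load.
            echo "skipped (not an IPv4 address): $ip" >&2
        fi
    done
}

# Constructed sample list (documentation address ranges, not real sites).
sample_allowlist() {
    cat <<'EOF'
# allowed web servers
192.0.2.10      search site A
198.51.100.20   search site B
google.com
300.1.1.1
EOF
}

sample_allowlist | gen_rules
```

The NAT (MASQUERADE) rule and the INPUT/OUTPUT chains are outside what this example generates.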
-
Have you checked SafeSquid?
SafeSquid is a content filtering Internet proxy.
SafeSquid helps you to achieve more productivity.
I am just mentioning a few features of SafeSquid.
* STOP getting lured by fraudulent web-links to visit pornographic sites,
* BLOCK advertisement pop-ups that drive you crazy,
* PREVENT employees wasting business hours and resources on needless downloads,
* PREVENT computers getting infected with viruses / Trojans by a visit to innocent-looking web-sites
You can visit the site www.safesquid.com & also their support forum at www.safesquid.com/forum