Hi!
Some of you will say that I should use a proxy server to do this, but I would really like to know how to block websites using IPTABLES.
So I have created a script that loads a txt file containing the IP addresses of the only websites that I want my network to be able to access.
The problem is that when I load the script, I have to type the IP address of the site into my browser to be able to access it! Also, some of the sites that I have included in the txt file give me a 403 error, or forbidden to access the site!
So can any one of you please help with this?
How can I access these sites by typing their URL and not the IP address, and how can I access the others without getting a 403 error?
HELP PLEASE!!!
Here is the script that I made:
#!/bin/sh
# Disable forwarding while the rules are rebuilt
echo 0 > /proc/sys/net/ipv4/ip_forward
GOODIP=/etc/rc.d/goodlist.txt
LAN_IP_NET='192.168.1.0/24'
LAN_NIC='eth1'
WAN_IP='XXX.XXX.XXX.XXX'
WAN_NIC='eth0'
# Flush the NAT chains and the filter table
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Append accept-all rules to each chain
iptables -A INPUT -s 0/0 -d 0/0 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 0/0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 0/0 -j ACCEPT
# Masquerade traffic from the LAN and from the WAN address
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $WAN_IP -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "Blocking all unwanted IP's [ OK ]"
# -I inserts at the top of FORWARD, so each rule below lands above the ones inserted before it
iptables -I FORWARD -s 0/0 -d 0/0 -j DROP
iptables -I FORWARD -p udp -s 0/0 -d 0/0 --dport 53 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 80 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 20 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -j ACCEPT
echo "Allowing Good IP's [ OK ]"
# Permit packets whose source address is in the goodlist (lines starting with # are skipped)
for x in `grep -v ^# $GOODIP | awk '{print $1}'`; do
    echo "Permitting $x [ OK ]"
    iptables -I FORWARD -s $x -j ACCEPT
done
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Re-enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
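
An added example, not part of the original post: a sketch that reads a goodlist file like the one above, validates each entry, and prints the FORWARD rules in evaluation order instead of applying them, so the resulting chain can be reviewed first. The names gen_rules, valid_ipv4 and sample_goodlist are hypothetical, the sample addresses are constructed, and matching on destination (-d) for traffic entering from the LAN interface is an assumption of this sketch.

```shell
#!/bin/sh
LAN_NIC="${LAN_NIC:-eth1}"                  # assumed defaults, taken from the script above
LAN_IP_NET="${LAN_IP_NET:-192.168.1.0/24}"

# valid_ipv4 ADDR[/PREFIX]: succeeds only for a well-formed IPv4 address or CIDR
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) pfx=${1#*/}
             case $pfx in ''|*[!0-9]*) return 1 ;; esac
             [ "${#pfx}" -le 2 ] && [ "$pfx" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules FILE: print iptables commands; the DROP policy catches everything not listed
gen_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to connections that were allowed out
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # DNS queries from the LAN (the original script also permits UDP 53)
    echo "iptables -A FORWARD -i $LAN_NIC -s $LAN_IP_NET -p udp --dport 53 -j ACCEPT"
    while read -r ip _rest || [ -n "$ip" ]; do
        case $ip in ''|'#'*) continue ;; esac   # skip blank lines and comments
        if valid_ipv4 "$ip"; then
            echo "iptables -A FORWARD -i $LAN_NIC -s $LAN_IP_NET -d $ip -j ACCEPT"
        else
            echo "skipping invalid entry: $ip" >&2
        fi
    done < "$1"
}

# Constructed sample goodlist (documentation address ranges, one bad entry)
sample_goodlist() {
    printf '%s\n' '# allowed sites' '192.0.2.10 example-site' '' \
        '198.51.100.0/24' '300.1.1.1' 'not-an-ip'
}

tmp=$(mktemp); sample_goodlist > "$tmp"; gen_rules "$tmp"; rm -f "$tmp"
```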