Author Topic: redhatlinux 9.0 linux ip nat in ftp block  (Read 13489 times)

Offline vasu

  • Linux Noob !
  • *
  • Posts: 19
redhatlinux 9.0 linux ip nat in ftp block
« on: February 13, 2004, 05:42:30 AM »
Hi,

I configured RH 9.0 with NAT masquerade. Now I want to know how to block the FTP service for a particular NAT private IP. I have given my NAT script below, along with my private IP range.

This is my Linux NAT script. I now want to block a specific private IP from the FTP service. My private IP range has starting IP 192.168.1.2.
#!/bin/sh
service ipchains stop
/sbin/rmmod ipchains
/sbin/insmod ip_tables
echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain

/sbin/iptables --table nat --append POSTROUTING -s 192.168.1.2 -j MASQUERADE

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
redhatlinux 9.0 linux ip nat in ftp block
« Reply #1 on: February 13, 2004, 02:22:53 PM »
Well...
Say you want to block FTP for 192.168.0.18; then add the following rule to the end of your script...
Code:
/sbin/iptables -A INPUT -p tcp -s 192.168.0.18/24 --destination-port 21 -j DROP

Offline vasu

  • Linux Noob !
  • *
  • Posts: 19
ftp block in linux nat ip tables
« Reply #2 on: February 14, 2004, 04:52:44 PM »
#!/bin/sh
iptables=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

$iptables --flush -t nat

/sbin/iptables -A INPUT -P tcp -s 172.16.1.2/24 --destination-port 21 -j drop
                                                                               


Hi Ricky,

I blocked the FTP service: I added the above script to my NAT system (RH 9.0). I found this error. I use two LAN cards: eth0 is connected to the Internet and eth1 is connected to the local private IPs.

iptables v1.2.7a: Can't use -P with -A
 
Try `iptables -h' or 'iptables --help' for more information.

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
redhatlinux 9.0 linux ip nat in ftp block
« Reply #3 on: February 15, 2004, 05:58:45 AM »
Vasu, are you sure you have used the above line?
Here at my place it is not giving any error.
I think you have used -P instead of -p. Did you get it? (Use small p.) :)

Offline vasu

  • Linux Noob !
  • *
  • Posts: 19
ftp block in linux nat
« Reply #4 on: February 15, 2004, 08:21:51 AM »
Hi Ricky,

I added the script below and found no error on the RH 9.0 Linux NAT, but I checked the client system and the FTP service is not blocked on the client system. What is the problem?


iptables=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

$iptables --flush -t nat

iptables -A INPUT -p tcp  -s 172.15.1.2/24 --destination-port 21 -j DROP

Offline dragoncity99

  • LST CareTaker
  • Experienced
  • *****
  • Posts: 551
redhatlinux 9.0 linux ip nat in ftp block
« Reply #5 on: February 15, 2004, 12:53:17 PM »
Hi vasu,

    Maybe you can try using the OUTPUT option rather than INPUT?
    I suspect it's your forwarding that brings a problem.

    Maybe you can show your iptables list to us? We can see better that way. :)

    Save it in a file and post it here.

    Use this command:  "iptables -L -n > filename"

Offline vasu

  • Linux Noob !
  • *
  • Posts: 19
nat with ftp block
« Reply #6 on: February 16, 2004, 01:20:10 PM »
Hi Ricky,

I added the script below, but access continues; I did not manage to block FTP services. What is the problem? One more thing: I want to configure a transparent proxy. How do I do it?
   

iptables=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

$iptables --flush -t nat

iptables -A INPUT -p tcp -s 172.15.1.2/24 --destination-port 21 -j DROP
/sbin/iptables --table nat --append POSTROUTING -s 172.15.1.2 -j MASQUERADE

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
redhatlinux 9.0 linux ip nat in ftp block
« Reply #7 on: February 16, 2004, 02:23:12 PM »
Firstly, why do you address me to answer? There are also others who can answer you!! :)

Regarding configuring Squid the transparent way: http://www.linuxsolved.com/forums/viewtopic.php?t=116

Are you using Squid on your computer? Maybe this is why your blocking is not working. Are you?
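
Added example, not part of any post in this thread: on a masquerading gateway the client's FTP connection is routed through the box, so it is filtered in the FORWARD chain rather than INPUT or OUTPUT. The script below generates a single-host rule for that chain; the helper names are assumptions, and the interface roles (eth1 for the LAN, eth0 for the Internet) follow vasu's description.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth1 = LAN side,
# eth0 = Internet side, 192.168.1.2 = the client to block.
IPT=${IPT:-/sbin/iptables}

# Succeeds only for a single dotted-quad host address (no /mask).
# A suffix such as /24 would make the rule match the whole subnet.
is_host_ip() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print (not run) the rules that block FTP control traffic from one client.
ftp_block_rules() {
    client=$1; lan_if=$2; wan_if=$3
    if ! is_host_ip "$client"; then
        echo "not a single host address: $client" >&2
        return 1
    fi
    # Packets routed through the NAT box traverse FORWARD, never INPUT or
    # OUTPUT. Insert at position 1 so no earlier ACCEPT rule wins; the later
    # scripts in the thread flush only the nat table, so old filter rules persist.
    echo "$IPT -I FORWARD 1 -i $lan_if -o $wan_if -p tcp -s $client/32 --dport 21 -j DROP"
    # INPUT matters only if the NAT box itself also runs an FTP server.
    echo "$IPT -I INPUT 1 -i $lan_if -p tcp -s $client/32 --dport 21 -j DROP"
}

# Dry run by default; run as root with APPLY=1 to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    ftp_block_rules 192.168.1.2 eth1 eth0 | sh
else
    ftp_block_rules 192.168.1.2 eth1 eth0
fi
```

After loading, `iptables -L FORWARD -n -v` shows packet counters on the DROP rule, which confirms whether the client's traffic is actually reaching it.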

Offline vasu

  • Linux Noob !
  • *
  • Posts: 19
bandwidth control with rh9.0 nat
« Reply #8 on: February 23, 2004, 01:10:05 PM »
#!/bin/sh
iptables=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

$iptables --flush -t nat


 iptables --table nat --append POSTROUTING -s 192.168.1.2 -j MASQUERADE

 
Hi everyone,

I used the above script and it is working fine as RH 9.0 NAT. I have 1mb bandwidth and there are 30 users on the LAN, so now I want each IP to be given only 8 kbs access through the Linux NAT. How do I do this? Please give suggestions.