Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Blocking Outside



Hello,

I am trying to implent rules in the INPUT chain, to block all outside connections to the GW or LAN hosts.
My LAN uses the 10.x.x.x scheme. The GW is the Masquerading host. I want my LAN hosts to connect
to the Internet. This is what I did,

$ ipchains -A input -s 10.0.0.1 0: -p TCP -j ACCEPT

At the end of the chain, if I add,

$ipchains -A input -s 0.0.0.0/0 0: -p TCP DENY   #to reject all other hosts

my systems cannot access the Internet. If I delete the DENY rule, then my hosts can connect to the Internet.
However, I want to block outside access to my LAN. I want to block even "ping" and "traceroute" requests
from the outside.

How can I achieve this? If someone, has implemented the chain rules, for a similar setup, I would appreciate
you sharing your rules (with fake addresses). 

Thank you.

Subba Rao
subb3 at ibm.net
==============================================================
Disclaimer - I question and speak for myself.

http://pws.prserv.net/truemax/
______________________________________________________________


-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org