linuxbuddies.com » Firewall http://linuxbuddies.com For linux documentations. Fri, 11 Sep 2009 10:11:58 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Block a Range of Ip Address Using IP Tables http://linuxbuddies.com/2009/09/10/block-a-range-of-ip-address-using-ip-tables/ http://linuxbuddies.com/2009/09/10/block-a-range-of-ip-address-using-ip-tables/#comments Thu, 10 Sep 2009 05:31:24 +0000 Eldo http://linuxbuddies.com/?p=349 In some cases we can seen that there is attack coming to our server from a particular range of ip, in that case we need to block only that range not the full range. In that situtation we can use iptables

Example: If attack is coming from 202.10.100.20 to range of 202.10.100.50

Use the command

iptables -A INPUT -m iprange –src-range 202.10.100.20-202.10.100.50 -J DROP

service iptables save

]]> http://linuxbuddies.com/2009/09/10/block-a-range-of-ip-address-using-ip-tables/feed/ 0 ubuntu internet sharing http://linuxbuddies.com/2008/12/23/ubunthu-network-sharing/ http://linuxbuddies.com/2008/12/23/ubunthu-network-sharing/#comments Tue, 23 Dec 2008 12:52:53 +0000 Riyesh http://linuxbuddies.com/?p=196  ubuntu-1280x1024The following will explain how to share your Internet connection:
Note: Type all the following commands in a root terminal, DO NOT use sudo.

1. Start by configuring the network card that interfaces to the other computers on you network:

# ifconfig ethX ip 

where ethX is the network card and ip is your desired server ip address (Usually 192.168.0.1 is used)

2. Then configure the NAT as follows:

# iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE 

where ethX is the network card that the Internet is coming from 

# echo 1 > /proc/sys/net/ipv4/ip_forward

3. Install dnsmasq and ipmasq using apt-get: 

# apt-get install dnsmasq ipmasq

4. Restart dnsmasq:

# /etc/init.d/dnsmasq restart

5. Reconfigure ipmasq to start after networking has been started:

# dpkg-reconfigure ipmasq

6. Repeat steps 1 and 2.
7. Add the line “net.ipv4.ip_forward = 1″ to /etc/sysctl.conf

# gedit /etc/sysctl.conf

8. Reboot. (Optional) or sysctrl -p

]]> http://linuxbuddies.com/2008/12/23/ubunthu-network-sharing/feed/ 0 How to install a Linux Server As A Gateway http://linuxbuddies.com/2008/12/22/how-to-install-a-linux-server-as-a-gateway/ http://linuxbuddies.com/2008/12/22/how-to-install-a-linux-server-as-a-gateway/#comments Mon, 22 Dec 2008 05:36:22 +0000 Riyesh http://linuxbuddies.com/?p=68 gatewayHi guys…

On this documentation… Will help you to setup linux server as a network gateway without installing any proxy softwares….

#!/bin/sh
# The interface conneected to Your LAN
INTIF=”eth1?
# The interface conneected to Internet (ppp0 or eth)
EXTIF=”eth0?
# If you have a static IP (Public IP), Use the following line. Otherwise comment following line and use the next line
EXTIP=”XXX.XXX.XXX.XXX”

EXTIP=”`/sbin/ifconfig ppp0 | grep ‘inet addr’ | awk ‘{print $2}’ | sed -e ’s/.*://’`”

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
echo “1? > /proc/sys/net/ipv4/ip_forward
echo “1? > /proc/sys/net/ipv4/ip_dynaddr
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -i $EXTIF -o $INTIF -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
#End Of file
# execute this script and bring it to the startup of your system.
# Go to a client machine in your LAN, and set the gateway to the Linux server’s internal IP address, that’s all.

]]> http://linuxbuddies.com/2008/12/22/how-to-install-a-linux-server-as-a-gateway/feed/ 0