Koozali.org: home of the SME Server

Block port80

Offline nald

« on: April 13, 2005, 02:24:20 AM »
Hi,

Does anyone know how to block port 80 for a particular IP address?

I have SME6.0.1 as our proxy server. I want to block a certain IP address from accessing the net, but he should still be able to check e-mail. This would mean that port 80 is blocked and ports 110 and 25 are open.

I tried to install the rpm 'smeserver-ipblock_internet', but it blocks all Internet access.
http://www.ibiblio.org/pub/linux/distributions/smeserver/contribs/aloveless/contribs/ipblock_inet/beta/

I also tried installing 'Proxy User', but it keeps asking for a login name and a password.
http://keane.co.nz/downloads/Proxy%20Users/

What I need is just smooth blocking of port 80 for a particular IP address that can still check its own e-mail.

Thanks...

Regards,
Nald

Offline funkusmunkus

« Reply #1 on: April 13, 2005, 05:17:51 AM »
.........

Offline nald

« Reply #2 on: April 13, 2005, 11:41:40 AM »
funkusmunkus,

Thanks so much... It really works, but I made some changes...
I created /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy
and below is the script inside the file:

/sbin/iptables -A INPUT -s 192.168.2.112 -p tcp --destination-port 3128 -i eth0 -j DROP
/sbin/iptables -A INPUT -s 192.168.2.112 -p udp --destination-port 3128 -i eth0 -j DROP

Then I ran:

root# /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
root# service masq restart

The PC using 192.168.2.112 can no longer access the net with any browser but can still check e-mail.

Thanks again...

Nald


Offline nald

« Reply #3 on: April 14, 2005, 07:22:32 AM »
funkusmunkus,

Actually, it only works partially. On my workstation PC, when I configured the LAN settings in IE6 by unchecking "Use a proxy server...", my PC could access the web.

But if I configure my LAN settings by checking "Use a proxy server..."
Address: 192.168.20.112  Port: 3128
then my PC can no longer access the web.

Does anyone know how to block port 80 in SME 6.0.1 using iptables without configuring anything on the workstation PC?

thanks...

Nald

Offline funkusmunkus

« Reply #4 on: April 15, 2005, 06:51:23 AM »
Try adding the following to block port 80 as well:
Code:

/sbin/iptables -A INPUT -s 192.168.2.112 -p tcp --destination-port 80 -i eth0 -j DROP
/sbin/iptables -A INPUT -s 192.168.2.112 -p tcp --destination-port 443 -i eth0 -j DROP


Or try the redirect one:
Code:
#Rerouting ports 80 443 to port 3128
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128


hope that helps
cheers
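Added example, not part of any post in this thread: a dry-run generator for the rule set the thread is converging on. It covers both paths a browser can take: the proxy port on the server itself (INPUT) and direct connections routed through the server when "Use a proxy server" is unchecked (FORWARD), while leaving ports 25 and 110 alone. The function names, the use of `-I` instead of `-A`, and the FORWARD rules are assumptions of this example; how they interact with the chains built by SME 6.0.1's masq script has not been verified here.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that stop one LAN
# client from browsing while leaving mail (ports 25 and 110) untouched.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
# The rules end up in a script run as root, so reject anything else.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for client $1 on LAN interface $2 (default eth0).
web_block_rules() {
    ip=$1; lan_if=${2:-eth0}
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $lan_if" >&2; return 1 ;;
    esac
    # Connections addressed to the server itself (Squid on 3128, including
    # port 80 traffic rewritten by a nat REDIRECT rule) arrive on INPUT.
    echo "/sbin/iptables -I INPUT -s $ip -i $lan_if -p tcp --dport 3128 -j DROP"
    # Connections routed through the server to the Internet traverse FORWARD,
    # not INPUT; this is the path used when the browser proxy is unchecked.
    for port in 80 443; do
        echo "/sbin/iptables -I FORWARD -s $ip -i $lan_if -p tcp --dport $port -j DROP"
    done
}

# Constructed sample input: the client address used in the thread.
web_block_rules 192.168.2.112 eth0
```

Review the printed lines before placing them in a templates-custom fragment and re-expanding the masq template as shown in Reply #2.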