Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: calvin on September 05, 2002, 05:58:41 PM
-
I need to block Internet access for some machines. Here I have a proxy to serve Internet to my clients, but I think that making changes in the proxy configuration and restarting the proxy service is too slow. I need something in real time. Does somebody have an idea how to resolve this question?
I am thinking of using an ipchains rule ...
Thanks a lot...
-
This is a nasty hack, but it works.
route add privateipofmachine gw 127.0.0.1
e.g. if you want to block private IP 10.0.0.1 you would use
route add 10.0.0.1 gw 127.0.0.1
To re-enable internet access:
route delete 10.0.0.1
Geoff.
-
A much better nasty hack (imho) is indeed an ipchains rule.
I do:
ipchains -I forward 1 -j DENY -p all -s SOMEONES_IP -d 0.0.0.0/0
which says insert a new rule in the forwarding list at position 1, deny any protocol from SOMEONES_IP to anywhere.
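The rule above, wrapped so it can be switched on and off per client (an added example, not part of the original posts). The function names are hypothetical, and the `-D` unblock form is an addition here that deletes the rule by repeating its specification; the functions only print the command, so review it before running it as root.

```shell
#!/bin/sh
# Added example: build the ipchains commands that block or unblock one client.
# valid_ipv4 and client_rule are hypothetical helper names, not from the thread.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ipchains command for "block" or "unblock" of one client IP.
# Nothing is executed here; an unvalidated address never reaches the command.
client_rule() {
    action=$1
    ip=$2
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    case "$action" in
        block)
            # Insert at position 1 so the DENY is evaluated before other forward rules.
            echo "ipchains -I forward 1 -j DENY -p all -s $ip -d 0.0.0.0/0" ;;
        unblock)
            # Delete by rule specification, so the position does not need to be known.
            echo "ipchains -D forward -j DENY -p all -s $ip -d 0.0.0.0/0" ;;
        *)
            echo "usage: client_rule block|unblock IP" >&2; return 2 ;;
    esac
}
```

A forward-chain rule only matches packets the server routes for the client; requests the client sends to a proxy running on the server itself arrive on the input chain and are not affected by it.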
-
I agree, but the route add is the easiest and quickest to type (and remember).
Or, how about the low-tech solution - unplug the workstation from the network.
-
Or if you're using the logon script panel use:
1) route delete 0.0.0.0
2) route add 0.0.0.0 mask 0.0.0.0 SME_IP
Use 1) in the script for those users you want to block and 1)+2) for those you don't - this follows them around the network quite nicely.
I use this to push some users through a very tight webfilter and others through a more relaxed one!