Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: nald on April 13, 2005, 02:24:20 AM

Title: Block port80
Post by: nald on April 13, 2005, 02:24:20 AM
Hi,

Does anyone know how to block port 80 for a particular IP address?

I have SME6.0.1 as our proxy server.  I want to block a certain IP address from accessing the net, but he should still be able to check e-mail.  This would mean that port 80 is blocked and port 110 and port 25 are open.

I tried installing the rpm 'smeserver-ipblock_internet', but it blocks all Internet access.
http://www.ibiblio.org/pub/linux/distributions/smeserver/contribs/aloveless/contribs/ipblock_inet/beta/

I also tried installing 'Proxy User', but it keeps asking for a login name and a password.
http://keane.co.nz/downloads/Proxy%20Users/

What I need is just smooth blocking of port 80 for a particular IP address, which can still check its own e-mail.

Thanks...

Regards,
Nald
Title: Block port80
Post by: funkusmunkus on April 13, 2005, 05:17:51 AM
hi,
this might help
http://forums.contribs.org/index.php?topic=26445.msg108600#msg108600

cheers
Title: Block port80
Post by: nald on April 13, 2005, 11:41:40 AM
funkusmunkus,

Thanks so much... It really works, but I made some changes...
I created /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy
and below is the script inside the file...

/sbin/iptables -A INPUT -s 192.168.2.112 -p tcp --destination-port 3128 -i eth0 -j DROP
/sbin/iptables -A INPUT -s 192.168.2.112 -p udp --destination-port 3128 -i eth0 -j DROP

Then I ran:

root# /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
root# service masq restart

The PC which is using 192.168.2.112 can no longer access the net using any browser, but can check e-mail.

Thanks again...

Nald
Title: Block port80
Post by: nald on April 14, 2005, 07:22:32 AM
funkusmunkus,

Actually it works only partially.  On my workstation PC, when I configured the LAN settings inside IE6 by unchecking "Use a proxy server...", my PC could access the web.

But if I configure my LAN settings by checking "Use a proxy server..."
Address: 192.168.20.112  Port: 3128
then my PC can no longer access the web.

Does anyone know how to block port 80 in SME 6.0.1 using iptables without configuring anything on the workstation PC?

thanks...

Nald
Title: Block port80
Post by: funkusmunkus on April 15, 2005, 06:51:23 AM
try adding the following to block port 80 as well
Code:

/sbin/iptables -A INPUT -s 192.168.2.112 -p tcp --destination-port 80 -i eth0 -j DROP
/sbin/iptables -A INPUT -s 192.168.2.112 -p tcp --destination-port 443 -i eth0 -j DROP


or try the redirect one
Code:
#Rerouting ports 80 443 to port 3128
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128


hope that helps
cheers
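
Added example, not part of the original posts: a small generator that prints (without applying) per-host DROP rules for both paths a client can take to the web, the server's own proxy port and connections routed through the server. It assumes the SME server is the LAN's gateway, so routed client traffic passes through the FORWARD chain while only packets addressed to the server itself reach INPUT; the function names and the eth0 default are illustrative.

```shell
#!/bin/sh
# Added example: prints iptables rules that stop one LAN host from browsing
# while leaving its mail ports (25, 110) untouched. Nothing is applied.
# Assumptions: server is the LAN gateway, proxy listens on 3128 (as in the thread).
PROXY_PORT=3128
WEB_PORTS="80 443"

# Accept only a dotted-quad IPv4 address so no other text reaches the rules.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one DROP rule per path the host could use to reach the web:
#   INPUT   - connections to the proxy running on the server itself
#   FORWARD - connections routed through the server to outside web servers
# Rules are appended (-A) as in the thread, so an earlier ACCEPT rule that
# matches the same packet would still win; check rule order after loading.
web_block_rules() {
    ip=$1
    lan_if=${2:-eth0}
    valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $lan_if" >&2; return 1 ;;
    esac
    echo "/sbin/iptables -A INPUT -s $ip -p tcp --destination-port $PROXY_PORT -i $lan_if -j DROP"
    for port in $WEB_PORTS; do
        echo "/sbin/iptables -A FORWARD -s $ip -p tcp --destination-port $port -i $lan_if -j DROP"
    done
}

# Sample run with the address used in the thread.
web_block_rules 192.168.2.112 eth0
```

The printed lines can be reviewed and then placed in a custom masq template fragment like the one created earlier in the thread.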