[rhn-users] Re: Two subnets within LAN (Geetha Thanu)

dhaval thakar dpthakar at rediffmail.com
Fri Nov 18 12:34:04 UTC 2005


  
  
You can use iptables to block all the traffic except for ports 110, 25, 80, 443 & 3128.

You can make a script, or the best option is to use Firewall Builder; you can download it from fwbuilder.org & create a firewall for your client-end network.

To set up the firewall:
by default, block all the in/out & forward traffic using the iptables policy,
then allow selected packets from the selected network.

Following is an example which can be used for your network.
Use a Linux box as a gateway for your client machines; if you're using it for MS-SQL you'll need to open the SQL port.
For internet access, don't forget to open DNS & IP forwarding, else you'll not be able to send or receive mails.

# Default policy: drop everything on all three chains, then open only what is needed.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow SMTP (tcp/25) from the client subnet 192.168.0.0/24 to this box.
iptables -A INPUT -s 192.168.0.0/255.255.255.0 -p tcp --dport 25 -j ACCEPT

# Allow DNS queries (udp/53) from the client subnet to this box.
iptables -A INPUT -s 192.168.0.0/255.255.255.0 -p udp --dport 53 -j ACCEPT


On Thu, 17 Nov 2005 rhn-users-request at redhat.com wrote :
>Message: 1
>Date: Thu, 17 Nov 2005 09:25:09 +0000 (GMT)
> From: Geetha Thanu <geetha_thanu at yahoo.co.in>
>Subject: [rhn-users] Two subnets within LAN
>To: rhn-users at redhat.com
>Message-ID: <20051117092509.21342.qmail at web8511.mail.in.yahoo.com>
>Content-Type: text/plain; charset=iso-8859-1
>
>Hello all,
>
>I am in the process of setting up a new LAN in our office.
>
>When I gave IP addresses of the same class to servers
>and PCs, because of spyware and viruses the whole
>network is getting affected.
>
>So I want to change the network as follows:
>
>
>server room  172.16.0.0 series
>
>client       192.168.0.0 series
>
>Most of the client machines are Windows and hence I do
>not want the clients to
>send packets to the other network except for the
>browsing part, because the proxy server IP is
>172.16.0.1.
>
>Can anyone explain how to achieve this?
>
>Should I have a Linux machine with 2 NICs to
>act as a gateway between these 2 networks and enable
>IP forwarding? But actually I do not want
>any client to communicate with the servers except for the
>PROXY server.
>
>Thank you
>Geetha

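The reply above gives only the DROP policies and two INPUT rules; the question is really about the FORWARD chain of a two-NIC gateway. The script below is an added example, not code from either message in this thread. It assumes eth0 faces the client subnet 192.168.0.0/24 and eth1 the server room (taken as 172.16.0.0/16, since the question gives no mask), that the proxy 172.16.0.1 listens on tcp/3128 and also answers DNS for the clients, and that admin SSH to the gateway comes only from the server side; all of those are assumptions chosen for illustration. Run it with no arguments to print the rules (IPT=echo dry run), or with `apply` as root to load them.

```shell
#!/bin/sh
# Added example: two-NIC gateway that lets the client subnet reach only the
# proxy service in the server room, logs every other crossing attempt, and
# drops it.  Not from the original thread; interface names, the /16 server
# mask, DNS-on-the-proxy and SSH-from-server-side are assumptions.
IPT="${IPT:-iptables}"      # set IPT=echo to print rules instead of applying them
SYSCTL="${SYSCTL:-sysctl}"  # set SYSCTL=echo likewise
CLIENT_IF="eth0"            # assumption: NIC on the 192.168.0.0/24 side
SERVER_IF="eth1"            # assumption: NIC on the 172.16.0.0 side
CLIENT_NET="192.168.0.0/24"
SERVER_NET="172.16.0.0/16"  # assumption: the question gives no mask
PROXY="172.16.0.1"

enable_forwarding() {
    # Without this the kernel never passes packets between the two NICs.
    $SYSCTL -w net.ipv4.ip_forward=1
}

build_gateway_rules() {
    # Clean slate, then default-deny on every chain (as the reply recommends).
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Gateway's own traffic: loopback plus replies to sessions it already has.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Admin SSH to the gateway from the server room only (assumption).
    $IPT -A INPUT -i "$SERVER_IF" -s "$SERVER_NET" -p tcp --dport 22 \
        -m state --state NEW -j ACCEPT

    # Traffic crossing between the subnets.  Replies to sessions that were
    # allowed below may return in either direction.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Clients may open new sessions only to the proxy port on the proxy host ...
    $IPT -A FORWARD -i "$CLIENT_IF" -o "$SERVER_IF" -s "$CLIENT_NET" -d "$PROXY" \
        -p tcp --dport 3128 -m state --state NEW -j ACCEPT
    # ... and to DNS on the same host (assumption: the proxy host resolves names).
    $IPT -A FORWARD -i "$CLIENT_IF" -o "$SERVER_IF" -s "$CLIENT_NET" -d "$PROXY" \
        -p udp --dport 53 -j ACCEPT

    # Everything else a client aims at the server room is logged (rate-limited
    # so an infected PC cannot flood syslog) and then dropped by the policy.
    # A burst of these lines is the early warning that a client is scanning.
    $IPT -A FORWARD -i "$CLIENT_IF" -s "$CLIENT_NET" -d "$SERVER_NET" \
        -m limit --limit 5/min -j LOG --log-prefix "FW client->server denied: "
    # Servers initiating connections toward the clients is equally unexpected.
    $IPT -A FORWARD -i "$SERVER_IF" -s "$SERVER_NET" -d "$CLIENT_NET" \
        -m state --state NEW -m limit --limit 5/min \
        -j LOG --log-prefix "FW server->client denied: "
}

case "${1:-dry-run}" in
    apply)   enable_forwarding; build_gateway_rules ;;
    dry-run) IPT=echo; SYSCTL=echo; enable_forwarding; build_gateway_rules ;;
esac
```

The two LOG rules sit last on purpose: nothing after them can ACCEPT, so every line they emit is a genuine policy violation, and the only ACCEPT that carries a client address is pinned to the proxy host, never to the server network as a whole.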
