you can use iptables to block all the trafic except for 110 25 80 443 & 3128 u can make a script or the best option is to use firewall builder u can download it from fwbuilder.org & create a firewall for ur client end network. to setup firewall, by default block all the in/out & forward trafic using iptable policy then allow selected packets from the selected network. following is the example which can be used for your network use linux box as a gateway for ur client machine if ur using it for ms-sql u'll need to open sql port for internet dont forget to open dns & ipforwarding else u'll not be able to send or receive mails iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP iptables -A INPUT -s 192.168.0.0/255.255.255.0 -p tcp --dport 25 -j ACCEPT iptables -A INPUT -s 192.168.0.0/255.255.255.0 -p udp --dport 53 -j ACCEPT On Thu, 17 Nov 2005 rhn-users-request@redhat.com wrote : >Send rhn-users mailing list submissions to > rhn-users@redhat.com > >To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/rhn-users >or, via email, send a message with subject or body 'help' to > rhn-users-request@redhat.com > >You can reach the person managing the list at > rhn-users-owner@redhat.com > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of rhn-users digest..." > > >Today's Topics: > > 1. Two subnets with in LAN (Geetha Thanu) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Thu, 17 Nov 2005 09:25:09 +0000 (GMT) > From: Geetha Thanu <geetha_thanu@yahoo.co.in> >Subject: [rhn-users] Two subnets with in LAN >To: rhn-users@redhat.com >Message-ID: <20051117092509.21342.qmail@web8511.mail.in.yahoo.com> >Content-Type: text/plain; charset=iso-8859-1 > >Hello all, > >I am in a process of setting up new LAN in our office. > >when i gave IP address of the same class to servers >and PCs, because of spywares and virus the whole >network is getting affected.. > >so I want to change the network as follows... > > >server room 172.16.0.0 series > >client 192.168.0.0 series > >Most of the client machines are windows and hence i do >not want the clients to >send packets to the other network except for the >browsing part because the proxy server IP is >172.16.0.1 > >can any one explain how to achieve this.. > >should i have to have a linux machine with 2 NIC to >act as a gateway between these 2 networks and enable >ip forward...but actually i do not want >any client to communicate to servers except for the >PROXY server. > >thank you >Geetha > > > > > >__________________________________________________________ >Enjoy this Diwali with Y! India Click here http://in.promos.yahoo.com/fabmall/index.html > > > >------------------------------ > >_______________________________________________ >rhn-users mailing list >rhn-users@redhat.com >https://www.redhat.com/mailman/listinfo/rhn-users > >End of rhn-users Digest, Vol 21, Issue 18 >***************************************** <a href="http://adworks.rediff.com/cgi-bin/AdWorks/sigclick.cgi/www.rediff.com/signature-home.htm/1507191490@Middle5?PARTNER=3"><IMG SRC="http://adworks.rediff.com/cgi-bin/AdWorks/sigimpress.cgi/www.rediff.com/signature-home.htm/1963059423@Middle5?OAS_query=null&PARTNER=3" BORDER=0 VSPACE=0 HSPACE=0></a>