On Thu, 23 May 2002, Richard Laframboise wrote:

> 
> 
> Hi List,
> 
> What is the best way to prevent a specific station from having access
> to the internet? Or to assign the privilege to selected stations only?
> 
> The internet is made available thru a shared connexion from a LM
> 8.2 server and all stations must be on the same subnet.

Under ipchains you could replace the default ruleset with a more specific
one. Instead of NATting the subnet, NAT only specific hosts. The
exact method you use depends on how you configure your firewall, but
would be something like replacing:
  192.168.1.0/255.255.255.0

with
  192.168.1.10/255.255.255.255

  ipchains -A forward -s 192.168.1.10/255.255.255.255 -d OUTSIDE_NETWORK -j MASQ


You'll need to modify it slightly to work with iptables, but the
principle would be the same.

Your post mentions a specific station that you want to block. A quick
fix may be to add another rule to explicitly deny NATting for that host.
However, this goes against the principle of least privilege.
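
An iptables version of the per-host approach in the reply above, as an added example that is not part of the original message: the script prints rules that masquerade only an allowlist of stations and, going beyond the single ipchains line, also sets the FORWARD policy to DROP. The interface name `eth0`, the second station address and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that masquerade ONLY allowlisted hosts.
# Nothing is applied here; review the output before running it as root.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_nat_rules WAN_IF HOST...: print the ruleset, or fail with no rules
# printed if the interface name or any host address is malformed.
gen_nat_rules() {
    wan_if=$1
    [ "$#" -ge 2 ] || { echo "usage: gen_nat_rules WAN_IF HOST..." >&2; return 1; }
    shift
    case "$wan_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    # Default-deny forwarding; only replies to allowed connections come back.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for host in "$@"; do
        # /32 is the same single-host mask as 255.255.255.255 in the ipchains rule.
        echo "iptables -A FORWARD -s $host/32 -o $wan_if -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $host/32 -o $wan_if -j MASQUERADE"
    done
}

# Constructed sample: eth0 (assumed outside interface) and two allowed stations.
gen_nat_rules eth0 192.168.1.10 192.168.1.11
```

A station that is not passed to `gen_nat_rules` gets no ACCEPT or MASQUERADE rule, so it is blocked by the default policy without needing an explicit deny rule.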

