|
Thanks Tony
----- Original Message -----
Sent: Friday, September 06, 2002 10:38
AM
Subject: Re: IPCHAINS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On
05-Sep-2002/14:58 +0800, Toto Gamez <[EMAIL PROTECTED]>
wrote:
>I have rh 7.2 used for internet sharing but I want to restrict
other
>users to send and received email only. Our email server
is
>located/maintained by our isp. How can I do that using
IPCHAINS.
If the restricted users are all on a certain subnet, you can
block them
like
this:
int=eth0
smtpserver=IP_Address_of_SMTP
pop3server=IP_Address_of_POP3
onlymail=192.168.1.0/255.255.255.0
ipchains
--append forward --interface $int --source $onlymail \
--destination
$smtpserver smtp --jump MASQ
ipchains --append forward --interface $int
--source $onlymail \
--destination $pop3server pop3 --jump
MASQ
ipchains --append forward --interface $int --source ! $onlymail
\
--destination ! $HOSTNAME --jump MASQ
Those rules should
allow packets from the $onlymail subnet that arrive at
the internal
interface ($int) to be forwarded only if they are going to
the SMTP or POP3
ports on the ISP's mail server. You may need to make some
adjustments
depending on the rest of your ipchains setup.
Tony
- --
Anthony
E. Greene <mailto:[EMAIL PROTECTED]%3E>
OpenPGP
Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94
239D
AOL/Yahoo Messenger: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux.
The choice of a GNU generation <http://www.linux.org/>
-----BEGIN
PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E.
Greene <mailto:[EMAIL PROTECTED]>
0x6C94239D
iD8DBQE9eBUUpCpg3WyUI50RAnkIAKD96e8z0Th83fO1Phdxdb76QLuUfwCg6C2p
SLl9oB8Z7ItPDZc3DzSLVAE=
=yI2q
-----END
PGP SIGNATURE-----
|
