[LARTC] Not routing for 1 host?

[LARTC] Not routing for 1 host?

[Joost Kraaijeveld]

Hi,

I want to stop routing for 1 particular host in my network. I thought that this would do it:

iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP

But that still shows traffic. What is the corract way to do that?

Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld@Askesis.nl
web: www.askesis.nl 
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Not routing for 1 host?

[Martin Volf]

Joost Kraaijeveld wrote:

> Hi,
> 
> I want to stop routing for 1 particular host in my network. I thought that this would do it:
> 
> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
> 
> But that still shows traffic. What is the corract way to do that?

Hello,

maybe

iptables -I FORWARD -d aaa.bbb.ccc.ddd -j DROP
iptables -I FORWARD -s aaa.bbb.ccc.ddd -j DROP

Martin
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Not routing for 1 host?

[Dmytro O. Redchuk]

On Tue, Apr 04, 2006 at 08:55:37AM +0200, Joost Kraaijeveld wrote:
> Hi,
> 
> I want to stop routing for 1 particular host in my network. I thought that this would do it:
> 
> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
> 
> But that still shows traffic. What is the corract way to do that?
If you'd like to do it in this way -- use FORWARD instead of INPUT.
Forwarded traffic never travels INPUT/OUTPUT chains.

The same but better, possibly:

#
iptables -I FORWARD 1 -i <input_iface>  -s aaa.bbb.ccc.ddd -j DROP

# if host is not being NAT'ed:
iptables -I FORWARD 1 -i <output_iface> -d aaa.bbb.ccc.ddd -j DROP

Start with this, and read the manual :-)
(You shouldn't use `-D' above anyway)


You could use policy routing, too, I guess.

> 
> Groeten,
> 
> Joost Kraaijeveld
> Askesis B.V.
> Molukkenstraat 14
> 6524NB Nijmegen
> tel: 024-3888063 / 06-51855277
> fax: 024-3608416
> e-mail: J.Kraaijeveld@Askesis.nl
> web: www.askesis.nl 

-- 
  _,-=._              /|_/|
  `-.}   `=._,.-=-._.,  @ @._,
     `._ _,-.   )      _,.-'
        `    G.m-"^m`m'        Dmytro O. Redchuk

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

RE: [LARTC] Not routing for 1 host?

[Joost Kraaijeveld]

lartc-bounces@mailman.ds9a.nl wrote:
> Hi,
> 
> I want to stop routing for 1 particular host in my network. I
> thought that this would do it:
> 
> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
Ooops, silly me. Should be (as others pointed out):

iptables -A INPUT -d aaa.bbb.ccc.ddd -j DROP
iptables -A INPUT -s aaa.bbb.ccc.ddd -j DROP

BTW: I always think very hard, RTFM and search with Google before I ask a stupid question...


Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld@Askesis.nl
web: www.askesis.nl
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

RE: [LARTC] Not routing for 1 host?

[Joost Kraaijeveld]

lartc-bounces@mailman.ds9a.nl wrote:
> lartc-bounces@mailman.ds9a.nl wrote:
>> Hi,
>> 
>> I want to stop routing for 1 particular host in my network. I
>> thought that this would do it:
>> 
>> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
>> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
> Ooops, silly me. Should be (as others pointed out):
> 
> iptables -A INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -A INPUT -s aaa.bbb.ccc.ddd -j DROP
> 
> BTW: I always think very hard, RTFM and search with Google
> before I ask a stupid question...

And I have to learn to type /copy & paste /pay attention to what I am doing

iptables -A FORWARD -d aaa.bbb.ccc.ddd -j DROP
iptables -A FORWARD -s aaa.bbb.ccc.ddd -j DROP
 
Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld@Askesis.nl
web: www.askesis.nl
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] Not routing for 1 host?

[Dmytro O. Redchuk]

On Tue, Apr 04, 2006 at 09:25:21AM +0200, Joost Kraaijeveld wrote:
> lartc-bounces@mailman.ds9a.nl wrote:
> > lartc-bounces@mailman.ds9a.nl wrote:
> >> Hi,
> >> 
> >> I want to stop routing for 1 particular host in my network. I
> >> thought that this would do it:
> >> 
> >> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> >> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
> > Ooops, silly me. Should be (as others pointed out):
> > 
> > iptables -A INPUT -d aaa.bbb.ccc.ddd -j DROP
> > iptables -A INPUT -s aaa.bbb.ccc.ddd -j DROP
> > 
> > BTW: I always think very hard, RTFM and search with Google
> > before I ask a stupid question...
> 
> And I have to learn to type /copy & paste /pay attention to what I am doing
> 
> iptables -A FORWARD -d aaa.bbb.ccc.ddd -j DROP
> iptables -A FORWARD -s aaa.bbb.ccc.ddd -j DROP
try
  iptables -I FORWARD 1 ......

to make this rule the first one.

>  
> Groeten,
> 
> Joost Kraaijeveld
> Askesis B.V.
> Molukkenstraat 14
> 6524NB Nijmegen
> tel: 024-3888063 / 06-51855277
> fax: 024-3608416
> e-mail: J.Kraaijeveld@Askesis.nl
> web: www.askesis.nl

-- 
  _,-=._              /|_/|
  `-.}   `=._,.-=-._.,  @ @._,
     `._ _,-.   )      _,.-'
        `    G.m-"^m`m'        Dmytro O. Redchuk


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc