* doubt about ip ranges
@ 2003-06-14  0:08 Leonardo Borda
  2003-06-14 15:27 ` Joel Newkirk
  0 siblings, 1 reply; 4+ messages in thread
From: Leonardo Borda @ 2003-06-14  0:08 UTC (permalink / raw)
  To: netfilter

Hello,

	I have a network 192.168.25.0 and I need to specify the following rules:

	192.168.24.1 to 192.168.25.33 -> just should have HTTP access.
	192.168.24.34 to 192.168.25.133 -> just should have FTP access.
	192.168.24.134 to 192.168.25.254 -> just SSH access.

	I could do it using a for loop and creating one rule each time for each IP
address. But I think this is not the best solution.

	I tried using: iptables -A FORWARD -p tcp -s 192.168.25.1-33 ... but was
not successful.

	Is there any way to make this work?

	Thanks!


Sincerely,

Leonardo Borda
Netwall Tecnologia e Projetos - http://www.netwall.com.br
Phone/Fax: +55 51 3235.2868
Mobile:    +55 51 9914.3039
mailto:borda@netwall.com.br

				/**  Building technology solutions focused on your business  **/


* Re: doubt about ip ranges
  2003-06-14  0:08 doubt about ip ranges Leonardo Borda
@ 2003-06-14 15:27 ` Joel Newkirk
  2003-06-14 17:37   ` ARP mangling Dmitry B. Khlonin
  2003-06-15 20:23   ` RES: doubt about ip ranges Leonardo Borda
  0 siblings, 2 replies; 4+ messages in thread
From: Joel Newkirk @ 2003-06-14 15:27 UTC (permalink / raw)
  To: borda; +Cc: netfilter

On Fri, 2003-06-13 at 20:08, Leonardo Borda wrote:
> Hello,
> 
> 	I have a network 192.168.25.0 and I need to specify the following rules:
> 
> 	192.168.24.1 to 192.168.25.33 -> just should have HTTP access.
> 	192.168.24.34 to 192.168.25.133 -> just should have FTP access.
> 	192.168.24.134 to 192.168.25.254 -> just SSH access.
> 
> 	I could do it using a for loop and creating one rule each time for each IP
> address. But I think this is not the best solution.
> 
> 	I tried using: iptables -A FORWARD -p tcp -s 192.168.25.1-33 ... but was
> not successful.
> 
> 	Is there any way to make this work?
> 
> 	Thanks!

If you are able to modify the ranges slightly, you could use this:

# 192.168.25.0-31 allowed HTTP
iptables -A FORWARD -s 192.168.25.0/27 -p tcp --dport 80 -j ACCEPT

# 192.168.25.32-63 allowed FTP
iptables -A FORWARD -s 192.168.25.32/27 -p tcp --dport 21 -j ACCEPT

# 192.168.25.64-127 allowed FTP
iptables -A FORWARD -s 192.168.25.64/26 -p tcp --dport 21 -j ACCEPT

# 192.168.25.128-255 allowed SSH
iptables -A FORWARD -s 192.168.25.128/25 -p tcp --dport 22 -j ACCEPT

j



* ARP mangling
  2003-06-14 15:27 ` Joel Newkirk
@ 2003-06-14 17:37   ` Dmitry B. Khlonin
  2003-06-15 20:23   ` RES: doubt about ip ranges Leonardo Borda
  1 sibling, 0 replies; 4+ messages in thread
From: Dmitry B. Khlonin @ 2003-06-14 17:37 UTC (permalink / raw)
  To: netfilter

Is it possible to mangle ARP packets with the new netfilter extension?
I saw it configured in the kernel but I have not seen any related man pages or docs.

This needs to be resolved for me, because I have ebtables (same as
iptables but on the ethernet level) and need to mangle ARP packets for
normal ethernet NAT to work. I looked in the ebtables archives and
saw an answer to a similar question - this is an iptables possibility.





* RES: doubt about ip ranges
  2003-06-14 15:27 ` Joel Newkirk
  2003-06-14 17:37   ` ARP mangling Dmitry B. Khlonin
@ 2003-06-15 20:23   ` Leonardo Borda
  1 sibling, 0 replies; 4+ messages in thread
From: Leonardo Borda @ 2003-06-15 20:23 UTC (permalink / raw)
  To: Joel Newkirk; +Cc: netfilter

People,

	I found something at
http://www.netfilter.org/documentation/pomlist/pom-base.html#iprange that
solves my problem.
	Has anyone tested it?

Thanks to all.

Best regards!




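Added example (not part of the original thread or of any poster's message): Joel's reply covers the ranges with CIDR blocks after shifting their boundaries; the sketch below generalizes that by splitting any inclusive range into the fewest CIDR blocks that cover it exactly, and printing one rule per block. The function names are hypothetical, and the three ranges are assumed to lie inside 192.168.25.0/24, as in the attempted command in the question.

```sh
#!/bin/sh
# Added example: cover an inclusive IPv4 range with the fewest CIDR blocks
# and print one iptables rule per block. Rules are printed, not applied.

ip2int() (  # dotted quad -> integer (subshell keeps the IFS change local)
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() (  # usage: range_to_cidrs FIRST_IP LAST_IP
    cur=$(ip2int "$1"); end=$(ip2int "$2")
    while [ "$cur" -le "$end" ]; do
        # Largest block that may start at cur is set by cur's alignment ...
        if [ "$cur" -eq 0 ]; then size=4294967296; else size=$(( cur & -cur )); fi
        # ... then shrink it until it no longer runs past the end of the range.
        while [ "$size" -gt $(( end - cur + 1 )) ]; do size=$(( size / 2 )); done
        # Prefix length = 32 - log2(size).
        bits=32; s=$size
        while [ "$s" -gt 1 ]; do s=$(( s / 2 )); bits=$(( bits - 1 )); done
        echo "$(int2ip "$cur")/$bits"
        cur=$(( cur + size ))
    done
)

emit_rules() {  # usage: emit_rules FIRST_IP LAST_IP TCP_PORT
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -A FORWARD -s $cidr -p tcp --dport $3 -j ACCEPT"
    done
}

# Ranges assumed from the question, read as lying inside 192.168.25.0/24.
emit_rules 192.168.25.1   192.168.25.33  80   # HTTP: 6 rules
emit_rules 192.168.25.34  192.168.25.133 21   # FTP:  7 rules
emit_rules 192.168.25.134 192.168.25.254 22   # SSH: 10 rules
```

Where the iprange match from the last message is available, each range fits in a single rule, e.g. `-m iprange --src-range 192.168.25.1-192.168.25.33`. Either way, these ACCEPT rules only restrict access if the FORWARD chain otherwise drops the traffic.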
