* Block outbound host to specific port using Masq./NAT?
@ 2005-01-03 21:45 Jerry A. Applebaum
From: Jerry A. Applebaum @ 2005-01-03 21:45 UTC (permalink / raw)
To: netfilter
Hello - this is probably a dumb question....I'm using iptables for my
home network (DSL) and I have masquerading, some port forwarding,
etc., etc., and everything works great...EXCEPT....I have a situation
where I occasionally want to block outbound traffic from a certain
host inside to a certain destination IP and/or port. For example, I'd
like to block one host from within my network from using Instant
Messenger but still allow web surfing. I've been able to dynamically
block ALL outbound access to the internet but I'm unable to restrict
access to certain destination ports.
So this works:
iptables -A INPUT -s 10.1.1.10 -j DROP
iptables -A OUTPUT -d 10.1.1.10 -j DROP
iptables -A FORWARD -d 10.1.1.10 -j DROP
And I thought I could do something like this:
iptables -A OUTPUT -s 10.1.1.10 -p tcp -m tcp --dport 5190 -j DROP
iptables -A FORWARD -d 10.1.1.10 -p tcp -m tcp --dport 5190 -j DROP
....but it has no effect.
I've tried different combinations of "-d and -s" and "--dport and
--sport" just to see if I was doing something backwards....no dice. I
was wondering if I needed to set up some kind of pre or post routing
because of the masquerading?
Any help would be appreciated.
Thanks!
--
Jerry A.
* Re: Block outbound host to specific port using Masq./NAT?
From: Gavin Hamill @ 2005-01-04 13:10 UTC (permalink / raw)
To: netfilter
On Monday 03 January 2005 21:45, Jerry A. Applebaum wrote:
> And I thought I could do something like this:
> iptables -A OUTPUT -s 10.1.1.10 -p tcp -m tcp --dport 5190 -j DROP
> iptables -A FORWARD -d 10.1.1.10 -p tcp -m tcp --dport 5190 -j DROP
> ....but it has no effect.
You almost got it :)
Try
iptables -A FORWARD -s 10.1.1.10 -p tcp -m tcp --dport 5190 -j DROP
because the OUTPUT chain only refers to connections originating from the
firewall machine, although I can see how this is confusing since it's the
firewall machine doing the MASQ :)
Also, I would not be at all surprised if ICQ/AIM also tries to contact
login.icq.com on port 80 if 5190 fails, in the same way that MSN Messenger
does.
Cheers,
Gavin.
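An added worked example, not code from either message: the FORWARD rule Gavin suggests, plus the two things a practitioner checks when a rule "has no effect" on a masquerading router. The host 10.1.1.10 and port 5190 come from the thread; the LAN subnet 10.1.1.0/24 in the comments and the IPTABLES/LAN_HOST/BLOCKED_PORT variable names are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the thread). Block one LAN host from tcp/5190 on a
# Linux router doing MASQUERADE, and check the rule is somewhere it can match.
# Assumptions: LAN host 10.1.1.10, LAN subnet 10.1.1.0/24, iptables on PATH.

IPTABLES="${IPTABLES:-iptables}"      # set IPTABLES=echo for a dry run
LAN_HOST="${LAN_HOST:-10.1.1.10}"
BLOCKED_PORT="${BLOCKED_PORT:-5190}"

# Build the rule for one LAN host and one destination port.
# Packets that transit the router are seen in FORWARD (and in nat/POSTROUTING,
# where MASQUERADE rewrites the source); OUTPUT only carries packets the router
# itself generates, which is why an OUTPUT rule never matched.
# The rule is inserted at position 1 rather than appended: a typical MASQ
# ruleset already has
#   -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#   -A FORWARD -s 10.1.1.0/24 -j ACCEPT
# and a DROP appended after those is never reached.
# REJECT with tcp-reset makes the client fail immediately instead of hanging.
block_rule() {
  printf 'FORWARD 1 -s %s -p tcp --dport %s -j REJECT --reject-with tcp-reset' "$1" "$2"
}

apply_block() {
  # shellcheck disable=SC2046   # splitting the rule into words is intended
  $IPTABLES -I $(block_rule "$LAN_HOST" "$BLOCKED_PORT")
}

# Read `iptables -S FORWARD` output on stdin and succeed (exit 0) only if a
# REJECT/DROP rule for the host appears before any ACCEPT rule in the chain.
# Conservative on purpose: any earlier ACCEPT is reported, because the
# ESTABLISHED,RELATED and LAN-wide ACCEPTs are exactly what hides a late DROP.
# On the router:  iptables -S FORWARD | check_order 10.1.1.10
check_order() {
  awk -v host="$1" '
    /^-A FORWARD/ {
      if ($0 ~ ("-s " host "(/32)? ") && $0 ~ "-j (REJECT|DROP)") { seen_block = 1; exit }
      if ($0 ~ "-j ACCEPT") { accept_first = 1 }
    }
    END { exit (seen_block && !accept_first) ? 0 : 1 }'
}

# Second check, on the router: packet counters must move while the blocked
# host tries to connect, otherwise the rule is not matching.
#   iptables -L FORWARD -v -n --line-numbers
if [ "${1:-}" = "apply" ]; then
  apply_block
fi
```

Gavin's caveat about the port-80 fallback means that, once the client retries over 80, a port match can no longer separate it from web surfing; the remaining handle is the destination address (learned from the counters of a LOG rule or from tcpdump on the WAN side). A hostname given to -d is resolved when the rule is loaded, one rule per address returned, so the rule goes stale when the service's DNS changes.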