* doubt about ip ranges
@ 2003-06-14 0:08 Leonardo Borda
2003-06-14 15:27 ` Joel Newkirk
0 siblings, 1 reply; 4+ messages in thread
From: Leonardo Borda @ 2003-06-14 0:08 UTC (permalink / raw)
To: netfilter
Hello,
I have a network 192.168.25.0 and I need to specify the following rules:
192.168.24.1 to 192.168.25.33 -> should just have HTTP access.
192.168.24.34 to 192.168.25.133 -> should just have FTP access.
192.168.24.134 to 192.168.25.254 -> just SSH access.
I could do it using a for loop, creating one rule at a time for each IP
address. But I think this is not the best solution.
I tried using: iptables -A FORWARD -p tcp -s 192.168.25.1-33 ... but was
not successful.
Is there any way to make this work?
Thanks!
Sincerely,
Leonardo Borda
Netwall Tecnologia e Projetos - http://www.netwall.com.br
Phone/Fax: +55 51 3235.2868
Mobile: +55 51 9914.3039
mailto:borda@netwall.com.br
/** Building technology solutions focused on your business **/
* Re: doubt about ip ranges
2003-06-14 0:08 doubt about ip ranges Leonardo Borda
@ 2003-06-14 15:27 ` Joel Newkirk
2003-06-14 17:37 ` ARP mangling Dmitry B. Khlonin
2003-06-15 20:23 ` RES: doubt about ip ranges Leonardo Borda
0 siblings, 2 replies; 4+ messages in thread
From: Joel Newkirk @ 2003-06-14 15:27 UTC (permalink / raw)
To: borda; +Cc: netfilter
On Fri, 2003-06-13 at 20:08, Leonardo Borda wrote:
> Hello,
>
> I have a network 192.168.25.0 and I need to specify the following rules:
>
> 192.168.24.1 to 192.168.25.33 -> should just have HTTP access.
> 192.168.24.34 to 192.168.25.133 -> should just have FTP access.
> 192.168.24.134 to 192.168.25.254 -> just SSH access.
>
> I could do it using a for loop, creating one rule at a time for each IP
> address. But I think this is not the best solution.
>
> I tried using: iptables -A FORWARD -p tcp -s 192.168.25.1-33 ... but was
> not successful.
>
> Is there any way to make this work?
>
> Thanks!
If you are able to modify the ranges slightly, you could use this:
# 192.168.25.0-31 allowed HTTP
iptables -A FORWARD -s 192.168.25.0/27 -p tcp --dport 80 -j ACCEPT
# 192.168.25.32-63 allowed FTP
iptables -A FORWARD -s 192.168.25.32/27 -p tcp --dport 21 -j ACCEPT
# 192.168.25.64-127 allowed FTP
iptables -A FORWARD -s 192.168.25.64/26 -p tcp --dport 21 -j ACCEPT
# 192.168.25.128-255 allowed SSH
iptables -A FORWARD -s 192.168.25.128/25 -p tcp --dport 22 -j ACCEPT
j
* ARP mangling
2003-06-14 15:27 ` Joel Newkirk
@ 2003-06-14 17:37 ` Dmitry B. Khlonin
2003-06-15 20:23 ` RES: doubt about ip ranges Leonardo Borda
1 sibling, 0 replies; 4+ messages in thread
From: Dmitry B. Khlonin @ 2003-06-14 17:37 UTC (permalink / raw)
To: netfilter
Is it possible to mangle ARP packets with the new netfilter extension?
I saw it configured in the kernel but I have not seen any related man pages or docs.
This needs to be resolved for me, because I have ebtables (same as
iptables but on the Ethernet level)
and need to mangle ARP packets for normal Ethernet NAT to work. I looked in
the ebtables archives and
saw an answer to a similar question - this is an iptables possibility.
* RES: doubt about ip ranges
2003-06-14 15:27 ` Joel Newkirk
2003-06-14 17:37 ` ARP mangling Dmitry B. Khlonin
@ 2003-06-15 20:23 ` Leonardo Borda
1 sibling, 0 replies; 4+ messages in thread
From: Leonardo Borda @ 2003-06-15 20:23 UTC (permalink / raw)
To: Joel Newkirk; +Cc: netfilter
People,
I found
http://www.netfilter.org/documentation/pomlist/pom-base.html#iprange that
solves my problem.
Has anyone tested it?
Thanks to all.
Best regards!