wilson rodrigues wrote:
> hi,
>
> I am using shorewall 2.0.14 on debian and it is working but for a small
> problem.
>
> I want to allow masquerading only for a few ips in the network to some
> certain site for ftp, ssh etc. Masquerading will be blocked for other users and
> they will access internet thru proxy server.
>
> How can I do this ?
>
Masquerading (SNAT) is *NOT* an access-control mechanism. If you want to
limit access from loc->net then change the default loc->net policy to
REJECT and add ACCEPT rules for the traffic that you want to allow.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
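
An added example of the policy-plus-rules approach described in the reply above (not part of the original thread and not Tom Eastep's own configuration). The host addresses, the remote site address, and the proxy running on the firewall at port 3128 are constructed assumptions; the loc and net zone names come from the thread, and fw is Shorewall's default firewall zone name.

```conf
# /etc/shorewall/policy  (constructed example)
# Policies are matched top to bottom, so loc->net must precede the catch-all.
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    REJECT   info
# Assumption: the proxy runs on the firewall and needs outbound access itself.
fw        net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules  (constructed example)
#ACTION   SOURCE                          DEST             PROTO   DEST PORT(S)
# Only these two local hosts may reach the one remote site directly,
# and only for SSH and FTP. 192.168.1.10/11 and 203.0.113.20 are placeholders.
ACCEPT    loc:192.168.1.10,192.168.1.11   net:203.0.113.20 tcp     22
ACCEPT    loc:192.168.1.10,192.168.1.11   net:203.0.113.20 tcp     21
# Every other local host gets out only through the proxy (assumed port 3128).
ACCEPT    loc                             fw               tcp     3128

# /etc/shorewall/masq is left as it is: masquerading still covers the whole
# local network, and the REJECT policy is what blocks direct access.
```

After editing, `shorewall check` validates the files before `shorewall restart` applies them.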