block internet without one ip

[santoshdj123]

Hi all,

I have one linux firewll and 3 windows clients under it. all having public ips. Now i want to restrict other user ( from internet) to access 1 pertiuclar windows machine. can i do such configuration on my linux firewall machine that all traffic will be denied which is going to this windows machine except one public ip throught internet and others allow.

 

[job357]

Consider the following:

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

This will put you in the right direction.

 

[santoshdj123]

my requirement is only one simple command.
suppose my linux firewall machine is 1.1.1.1 and i have one windows machine having ip 2.2.2.2 . now i want internet access on 2.2.2.2 but it is under linux.
my reuiqrement is only one ip through internet must be able to access this 2.2.2.2 machine and not others. for that can i do nating..If i use nating.. the address will be 1.1.1.1 for 2.2.2.2 machine..
waiting for exact command..

 

[ady2k]

How many ethernet card do you have on your firewall?
Put the machine with ip 2.2.2.2 on DMZ.That meant internet users can access machine with ip 2.2.2.2.

 

[lgarner]

The exact command depends upon your exact configuration. You already have iptables (I hope) running since you have a Linux firewall.

Your commands will essentially be:
Allow packets from external source to internal target
Drop packets from anywhere to internal target

This should follow your rules allowing the internal machines to access the Internet, or your "internal target" won't be able to access any public host other than the designated one.

Nat is generally also a good idea, but isn't required to do what you want.

Then link from job357 is a good one, especially the "Examples" section.