HELP!!!!! Gateway problem!


Carl Pender
07-17-2002, 09:19 AM
Hi, me again!
I sent a post a few days ago asking about controlling a gateway and I'm still no better off. I have a LINUX box set up as a gateway PC. What I need is to crudely allow selected IP addresses to get through the gateway and onto the LAN and all others to be denied. Does anyone know how to do this? I have searched endlessly but I can't seem to find a solution to this problem.
I've been told to use iptables, which is all very well but I'm not having much joy with it. Is it imperative to know about ports before setting up iptables, and is it possible to simply allow one IP address to access the LAN and all others to be denied, by using iptables?

Please help, I'm running out of time. Thank you
Carl

GonzoJohn
07-17-2002, 09:28 AM
Hello,

Maybe a little more information is in order.

What Linux distribution are you using?

Which version of that Linux distribution?

From what I gather from this post, you want to allow access to your LAN from specific IPs OUTSIDE of the LAN through the gateway? Am I correct in this assumption? Sort of a VPN set up I'm guessing.

Carl Pender
07-17-2002, 09:31 AM
I'm using SuSE 7.3, which is a 2.4 kernel, which means iptables instead of ipchains.

You are right in the assumptions you are making; that is the setup that I was to create.

GonzoJohn
07-17-2002, 10:30 AM
Rather than write a HOWTO all over again, have you checked out the Linux VPN Masquerade HOWTO?

http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html

B.F. LaPinga
07-17-2002, 04:25 PM
Greetings,

I built an ipchains packet filter some time ago, and besides getting the ACCEPT, DENY, and REJECT syntax correct (arrgh!) I seem to recall that some manipulation of the /etc/resolv.conf & /etc/hosts files was required. tcpdump was very helpful.

Regards

Golden_Eternity
07-17-2002, 04:47 PM
If you want to filter ports, then look into "port forwarding", in which case you will need to know what services you'll want to offer on the systems.

If you don't want to filter, then why not just put them all on your external interface? You aren't offering them any protection...

cwolf
07-18-2002, 08:04 AM
You should read chapters 9, 10 and 11 of the Linux Network Administrators Guide: http://www.tldp.org/LDP/nag2/index.html

jumpedintothefire
07-18-2002, 08:42 AM
----------quote---------
Is it imperative to know about ports before setting up iptables and is it possible to simply allow one IP address to access the LAN and all others to be denied, by using iptables.
--------------------------
addresses to get through the gateway and onto the LAN
--------------------------

From the outside to the LAN, correct?

Your best bet, to give one outside machine full access to any port on a machine on the LAN, is to set up a VPN. With port forwarding you must know the ports involved, but with a VPN all the ports on the target machine can be accessible without knowing which ports are involved. iptables still comes into play, but you need not know all the ports.

poptop does just that using Windows' built-in clients:
http://sourceforge.net/projects/poptop

Just what services do you need to access on the target LAN machine?

What part of iptables are you having trouble with?
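Added illustration for the original question (one outside address allowed through the gateway, everything else denied, without listing ports) and for the port-forwarding point raised in the last reply; this is not code posted in the thread. The interface names, LAN range and allowed address are assumptions, and the script prints the rules for review rather than applying them.

```shell
#!/bin/sh
# Added illustration, not from the thread: iptables rules for a 2.4-kernel
# gateway that lets ONE outside address reach the LAN and drops all others.
# Assumed values (change to match the gateway): WAN_IF, LAN_IF, LAN_NET and
# ALLOWED_SRC; 203.0.113.10 is a constructed documentation address.
# This assumes LAN_NET is reachable from ALLOWED_SRC (routable addresses or a
# tunnel); with private LAN addresses you also need DNAT, and that is the
# point at which individual ports have to be known.
WAN_IF="${WAN_IF:-eth0}"                    # interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"                    # interface facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"
ALLOWED_SRC="${ALLOWED_SRC:-203.0.113.10}"
IPT="${IPT:-iptables}"

# is_ipv4 accepts only a dotted quad with octets 0-255. An empty or malformed
# value would otherwise produce "-s  -d LAN" and admit every source address.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  for o in $1; do
    [ "$o" -le 255 ] || { IFS=$old_ifs; return 1; }
  done
  IFS=$old_ifs
}

# gateway_rules prints the iptables commands instead of running them, so the
# ruleset can be reviewed before it is applied. No port list is needed: the
# FORWARD chain is filtered on source address and connection state only.
gateway_rules() {
  wan=$1; lan=$2; net=$3; src=$4
  is_ipv4 "$src" || { echo "refusing: bad ALLOWED_SRC '$src'" >&2; return 1; }
  cat <<EOF
$IPT -F FORWARD
$IPT -P FORWARD DROP
$IPT -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
$IPT -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $wan -o $lan -s $src -d $net -m state --state NEW -j ACCEPT
$IPT -A FORWARD -i $wan -o $lan -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
EOF
}

# apply_rules executes the generated commands; run it as root on the gateway
# only after reviewing the gateway_rules output. Forwarding must also be on.
apply_rules() {
  gateway_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" "$ALLOWED_SRC" | sh -e &&
    echo 1 > /proc/sys/net/ipv4/ip_forward
}
```

Anything not matched by the rules falls through to the DROP policy; the LOG rule before it records rejected attempts (rate-limited) so the gateway's syslog shows who is being refused.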