Re: [CentOS] restrict network access

umair shakil wrote:

Salam,

Squid actually Proxy will do the trick....

Nope. Not if they are installed on those PCs.

Regards,

Umair Shakil ETD

On 10/19/07, *Arne Pelka* < lists@arnepelka.de mailto:lists@arnepelka.de> wrote:

Hi,

I have two pc using centos 4, these machines need only access to the
(big, class b) local network. Because of security reasons the network
access should be restricted to this local network - mainly the users
of these pc should not be able to access webpages outside of the local
network. My problem is, that I have no own centos repository and
therefore these two pc need access to the centos mirrors to get updates.
What would be the best way to restrict the network access to the local
network and allow the access to some external addresses (a centos
mirror and maybe some other servers/websites).
I was thinking about iptables but I'm not very experienced in this
questions - maybe there is an easier way. The configuration with
iptables seems to be very complex, I was skimming through some
tutorials and the man pages.

Just block outgoing connections to all webservers but those that are allowed.

iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -j DROP or REJECT

Or to be more complete:

iptables -P OUTPUT DROP or REJECT iptables -A OUTPUT -d localnet -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT and so on.