[PLUG] Masquerading question...
Michael C. Robinson
michael at goose.robinson-west.com
Sun Sep 7 18:07:01 UTC 2003

If I want to disable a host's Internet access when it may be
receiving data from a masquerading server, will the masq
server terminate connections with Internet hosts because it
can't send data to the local host anymore or does the local
host have to terminate those connections? I would think
since the masq box pretends to be the local host that it
should simulate being down when the local host is down and
terminate any data stream destined to that host.

Out of curiosity, is there a port of iptables for Windows 98
Second Edition? I want to use it to set up rules that drop
all packets outbound to the Internet and inbound from it on
individual workstations at will.

Ultimately, I guess the simple masquerade for any local address
rule has to be replaced with something more complex like a user
defined chain for each host that the appropriate masquerading
rule can be put into and flushed out of at will. There are hosts
that should be allowed to traverse the local network but prevented
from getting past the gateway and receiving data from the
Net when a user wants or needs this. This is something where
a utility would be well placed on my private internal web
server, perhaps a CGI script. The alternative to CGI is
an X terminal based utility. This has the advantage that
people have to authenticate by logging in on a local Linux
server before they can change their Internet access setting.
-- Michael
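
An added example, not part of the original post: a dry-run generator for the per-host chain scheme described in the last paragraph, which prints the iptables commands rather than running them. The WAN interface name (eth0), the `host_<ip>` chain naming and all function names are assumptions made for illustration.

```shell
# Dry-run generator for per-host masquerade switching (added example).
# Assumed, not from the post: WAN interface eth0, chains named host_<ip>.
WAN_IF="${WAN_IF:-eth0}"
# Print the command instead of running it; for real use: iptables "$@"
run() { echo "iptables $*"; }

# Accept only a dotted quad, since a CGI front end passes untrusted input.
valid_ip() {
    case "$1" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

chain_name() { echo "host_$1" | tr . _; }

# One-time setup: a per-host chain in both the nat and filter tables.
setup_host() {
    valid_ip "$1" || return 1
    c=$(chain_name "$1")
    run -t nat -N "$c"
    run -t nat -A POSTROUTING -s "$1" -o "$WAN_IF" -j "$c"
    run -N "$c"
    # Inserted at the top so they precede any ESTABLISHED,RELATED accept rule.
    run -I FORWARD -s "$1" -o "$WAN_IF" -j "$c"
    run -I FORWARD -d "$1" -i "$WAN_IF" -j "$c"
}

# Enable: the empty filter chain falls through; the nat chain masquerades.
allow_host() {
    valid_ip "$1" || return 1
    c=$(chain_name "$1")
    run -F "$c"
    run -t nat -F "$c"
    run -t nat -A "$c" -j MASQUERADE
}

# Disable: flushing nat only stops new connections, because nat rules are
# consulted once per connection; the filter DROP cuts established flows too.
deny_host() {
    valid_ip "$1" || return 1
    c=$(chain_name "$1")
    run -t nat -F "$c"
    run -F "$c"
    run -A "$c" -j DROP
}
```

Calling `deny_host 192.168.1.10` prints the three commands that cut that host off; a front end would run `setup_host` once per workstation and then toggle with `allow_host` and `deny_host`.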