
Linux and Router?


Gremlin256

IS-IT--Management
Jun 20, 2001
44
US
I know Linux can be used as a router, but the question is: can Linux be used to allow a range of IPs in and not the rest? For example, let's say there are 4 subnets; can Linux be used to let in the three subnets and not the 4th one? If anyone can help me out I would really appreciate it. Is there software for Linux to enable this feature? Thanks
 
I'm assuming that you have the interfaces installed and ip-forwarding turned on so that it's acting like a router. To limit a subnet from crossing, you can set ipchains to block the particular subnet.

Set the policies first by issuing:
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT

Then set the restricting rule in place:

ipchains -A input -s xxx.xxx.xxx.xxx/mm -j DENY

where xxx.xxx.xxx.xxx/mm is the ipsubnet/mask you wish to block.

This will match each packet coming into the router and drop any that match the address/subnetmask you specified. Anything else flows through.

Normally you would tighten up the policies (first 3 commands), but if it's an internal router, it should be OK.

To keep this across a reboot, you'll need to do a

ipchains-save > file (I recommend /etc/sysconfig/ipchains)

Then if your version doesn't already do it, you'll need a

ipchains-restore < file in an rc script


Hope this helps -- good luck.
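
Added example, not part of the original posts: a small Python model of first-match chain evaluation, comparing the ruleset from the reply above (ACCEPT policy plus one DENY rule) with the tightened variant it mentions (DENY policy plus one ACCEPT rule per permitted subnet). The four subnets and the test source addresses are constructed sample values, and the function names are hypothetical.

```python
# Added illustration: a first-match model of an ipchains-style chain.
# Subnets and source addresses are constructed samples, not from the thread.
from ipaddress import ip_address, ip_network


def verdict(src, rules, policy):
    """Return the target of the first rule whose source network contains
    src, or the chain policy when no rule matches."""
    addr = ip_address(src)
    for network, target in rules:
        if addr in ip_network(network):
            return target
    return policy


# Four constructed subnets; the fourth is the one to keep out.
SUBNETS = ["192.168.1.0/24", "192.168.2.0/24",
           "192.168.3.0/24", "192.168.4.0/24"]

# Ruleset from the reply: ACCEPT policy plus a single DENY rule.
BLOCKLIST = {"policy": "ACCEPT", "rules": [(SUBNETS[3], "DENY")]}

# Tightened variant: DENY policy plus one ACCEPT rule per permitted subnet.
ALLOWLIST = {"policy": "DENY",
             "rules": [(net, "ACCEPT") for net in SUBNETS[:3]]}

# One host per subnet, plus a source that belongs to none of them.
SOURCES = ["192.168.1.10", "192.168.2.10", "192.168.3.10",
           "192.168.4.10", "10.9.9.9"]


def evaluate(ruleset, sources):
    """Map each source address to the verdict the ruleset gives it."""
    return {s: verdict(s, ruleset["rules"], ruleset["policy"])
            for s in sources}


if __name__ == "__main__":
    for name, ruleset in (("blocklist", BLOCKLIST), ("allowlist", ALLOWLIST)):
        print(name)
        for src, result in evaluate(ruleset, SOURCES).items():
            print(f"  {src:<15} {result}")
```

Both rulesets keep the fourth subnet out, but only the DENY-policy variant also drops a source address that was never listed.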
 