On Sat, 2002-03-23 at 03:27, Alex Iruc wrote:
>
> I have the following situation: I give net access to a user (with
> a real IP address), but he is giving net to another one by using IP
> MASQUERADING. I want to filter out, to block any data packet that comes
> from that masqueraded ip. I know that you practically cannot do that, but
> I also know that the gateway with the real ip puts the real ip in every
> data packet that comes from the masq...but does not erase the masq ip from
> the data packet....so it's still there somewhere.....:)

No, it's not. The MASQ gateway keeps a table mapping outgoing ports to masqueraded hosts. The private IP is not evidenced in the outgoing packets. IIRC, ipchains uses a limited set of the high numbered ports, but iptables does not.

> How can I block the masq IP ?

Don't provide service to people who violate your terms and conditions.
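
The port-mapping table described in the reply above, as an added example that is not part of the original message: a toy gateway rewrites a constructed IPv4 header and port pair, and the private address is absent from what leaves. The addresses, the starting port 61000 and every name here are constructed for illustration.

```python
import socket
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, sport, dst, dport) -> bytes:
    """Constructed 20-byte IPv4 header followed by the two port fields."""
    ports = struct.pack("!HH", sport, dport)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ports), 0, 0, 64, 6,
                      0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + ports

def parse(pkt: bytes):
    """Return (src, sport, dst, dport) from a packet made by build_packet."""
    sport, dport = struct.unpack("!HH", pkt[20:24])
    return socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport

def carries_address(pkt: bytes, ip: str) -> bool:
    """True if the 4-byte form of ip occurs anywhere in the packet."""
    return socket.inet_aton(ip) in pkt

class MasqGateway:
    """Toy masquerading gateway (hypothetical class, not ipchains/iptables code)."""
    def __init__(self, public_ip, first_port=61000):  # start port is an assumption
        self.public_ip, self.next_port = public_ip, first_port
        self.by_port = {}  # public port -> (private ip, private port)
        self.by_host = {}  # (private ip, private port) -> public port

    def outbound(self, pkt: bytes) -> bytes:
        src, sport, dst, dport = parse(pkt)
        if (src, sport) not in self.by_host:      # new flow: allocate a port
            self.by_host[(src, sport)] = self.next_port
            self.by_port[self.next_port] = (src, sport)
            self.next_port += 1
        # Source address and port are overwritten; nothing of src survives.
        return build_packet(self.public_ip, self.by_host[(src, sport)], dst, dport)

    def inbound(self, pkt: bytes) -> bytes:
        src, sport, _, dport = parse(pkt)
        priv_ip, priv_port = self.by_port[dport]  # the table is the only link back
        return build_packet(src, sport, priv_ip, priv_port)

if __name__ == "__main__":
    gw = MasqGateway("203.0.113.7")
    out = gw.outbound(build_packet("192.168.1.20", 40000, "198.51.100.5", 80))
    print(parse(out), carries_address(out, "192.168.1.20"))
```

An upstream filter sees only the public address and the allocated port, so a rule keyed on the private address has nothing to match.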