
Thread: IPTable rule to block VM access to Router Login page

  1. #1
    Join Date
    Nov 2010
    Beans
    9

    IPTable rule to block VM access to Router Login page

    Hi All:

    I am running virtual machines on an Ubuntu Host (10.4). The VMs run Gnome and have browsers that can reach the Internet. The VMs are on a subnet. For the sake of argument, the VMs are on 192.168.0.X/24 and the host is on 192.168.5.X/24. Right now, the VMs via their browsers can reach the router/firewall login page, which I would like to prevent while leaving them the ability to get to the Internet.

    Q: Is there an IPTable rule (or one in ufw) someone could suggest that:
    a) would prevent the virtual machines from reaching the router login page (on the same subnet as the host) and
    b) still allow VM browser access to the Internet

    Any help appreciated!

    Thanks!

  2. #2
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: IPTable rule to block VM access to Router Login page

    The rule would depend on what port the router software is listening for connections. Assuming it is port 80, you can just tell iptables to block outgoing access to that IP address on port 80, but this will also mess with internet access.

    Your best bet is to just leave it alone. The router/firewall settings are behind a login screen, right?

  3. #3
    Join Date
    Nov 2010
    Beans
    9

    Re: IPTable rule to block VM access to Router Login page

    Thanks CharlesA - yes, it's behind a strong password. Would prefer not to give people access to login screen at all...but need to give access to Internet. Thanks for giving this a think...

  4. #4
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    12,229
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: IPTable rule to block VM access to Router Login page

    Code:
    /sbin/iptables -I INPUT -d ip.of.the.router -j REJECT
    /sbin/iptables -I INPUT -s ip.of.your.machine -d ip.of.the.router -j ACCEPT
    These two rules will be "inserted" (-I) at the top of the iptables ruleset. They appear in reverse order.

    Once entered, you will be able to access the router from ip.of.your.machine but not from anywhere else.
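A variant of the rules discussed in this thread, as an added example that is not part of any post: it assumes the host routes or NATs the VM subnet with kernel forwarding, so VM packets cross the FORWARD chain, and it rejects only TCP to the router's admin ports so Internet-bound traffic and router-provided DNS keep working. The router address 192.168.5.1, the port list 80,443 and all function names are assumptions; with user-mode NAT (traffic originating from a host process) the FORWARD chain would not see these packets.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed samples.
# Assumption: the host routes/NATs the VM subnet, so VM packets traverse the
# host's FORWARD chain (INPUT only sees packets addressed to the host itself).
VM_NET="${VM_NET:-192.168.0.0/24}"      # VM subnet given in the question
ROUTER_IP="${ROUTER_IP:-192.168.5.1}"   # assumed router address on the host LAN
MGMT_PORTS="${MGMT_PORTS:-80,443}"      # assumed ports of the router admin UI

# Succeeds only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds for ADDRESS/PREFIX with a valid address and a prefix of 0-32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ]
}

# Prints the rule. Only TCP to the router's own address on the admin ports is
# rejected: Internet-bound packets carry the remote server's address as their
# destination, and DNS or DHCP served by the router stays reachable.
build_rule() {
    is_cidr "$1" || { echo "bad VM subnet: $1" >&2; return 1; }
    is_ipv4 "$2" || { echo "bad router address: $2" >&2; return 1; }
    case "$3" in ''|*[!0-9,]*) echo "bad port list: $3" >&2; return 1 ;; esac
    echo "iptables -I FORWARD 1 -s $1 -d $2 -p tcp" \
         "-m multiport --dports $3 -j REJECT --reject-with tcp-reset"
}

# Default is a dry run that prints the command; --apply runs it (needs root).
rule=$(build_rule "$VM_NET" "$ROUTER_IP" "$MGMT_PORTS") || exit 1
if [ "${1:-}" = "--apply" ]; then
    $rule
else
    echo "$rule"
fi
```

The host's own connections to the router leave through the OUTPUT chain, so the administrator on the host keeps access to the login page.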
