I have configured Ubuntu machine as router. Steps of NAT configuration are given below:
#iptables -F
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#iptables-save > /etc/network/iptables
Then kept this file location in rc.local
#vi /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
/sbin/iptables-restore < /etc/network/iptables
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
exit 0
#reboot
It works, Now I want to block an ip address. To do this, I have executed following command:
#iptables -A INPUT -s 69.171.229.11 -j DROP
#iptables-save > /etc/network/iptables
#reboot
But it does not work.
vi /etc/network/iptables
now look like this:
# Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
*nat
:PREROUTING ACCEPT [870:97719]
:POSTROUTING ACCEPT [283:23151]
:OUTPUT ACCEPT [461:28753]
-A POSTROUTING -o eth0 -j MASQUERADE COMMIT
# Completed on Tue Feb 14 11:21:16 2012
# Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
*filter
:INPUT ACCEPT [4914:3254723]
:FORWARD ACCEPT [2382:1222521]
:OUTPUT ACCEPT [4010:410041]
-A INPUT -s 98.137.149.56/32 -j DROP
COMMIT
# Completed on Tue Feb 14 11:21:16 2012
What am I missing to block an ip address?