Re: IP access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2004-01-29 at 10:27, Szemerédy Gábor wrote:
> Hello list members!
> We have a server with its public IP address and there is also a subnet
> with
> local addresses (192.168.0.x) on it.
> We would like to limit the access from certain IP address so that it
> can
> 
> be
> established only if the request comes from the same workstation.
> Something like capturing the workstations MAC address to its IP
> address
> ,
> so that the user can browse the internet only if the MAC address of
> the
> workstation and the IP address are equal to the predefined values.
> We do traffic accounting by IP address and would like to prevent using
> the account of an other workstation by changing the IP address.
> (In current situation one can browse the internet with certain IP
> address and then
> change the IP address and use the account of an other person).
> Is there any solution?

You might be able to combine the source IP address and mac matching
rules using iptables something like:

iptables -A FORWARD -s 10.0.0.5 -m mac --mac-source 00:AA:BB:CC:DD:EE -j
ACCEPT

(not tested)

It would mean a separate rule for each host on the local side of the
firewall, that would need editing each time the NIC or client computer
is changed.

Proxy ARP and/or bridging may also provide a solution (try
http://lartc.org/howto/lartc.bridging.proxy-arp.html).

Alternatively, use DHCP and eliminate root/administrator access by the
users (per Alexander).

Bob...





[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux