Re: Prevent unknown users from using Internet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



bsnottum@xxxxxxxxxx wrote:
> Hello!
> 
> I am running fedora core 2 server with dhcp-3.0.1rc14-1.
> 
> I would like to restrict Internet access only to those users that is given
> an ip-address from my dhcp server. The dhcp server only gives out
> addresses to nic's already defined in dhcpd.conf.
> 
> Has anyone had any experience with this? All kinds of help would be
> appreciated.
> 
> Thanks!
> 
> Bjorn
> 
> 
Have you considered running a proxy server and requiring everyone to
connect to the Internet through it. If you just open the firewall to
IP addresses assigned by the DHCP server, someone can still use the
IP address of a lease that has not expired, but is not being used.

If you do not like the proxy approach, you can set up iptables
firewall rules using the MAC address. (--mac-source) But you need to
be aware that MAC addresses can be faked. One advantage of having
the firewall reject connections on the local network that do not
have an approved MAC address is that they will not be able to talk
to the DHCP server. You could probably write a script that would
grab the MAC addresses from the DHCP config file, and generate the
firewall rules.

If your FC2 box is not your firewall between the local network, and
the Internet, then this is not going to work. The what you can do
depends on your firewall/router...

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux