Re: IPTABLES rule for separating users

On 3/20/11 5:39 PM, Chris Kloiber wrote:
> On 03/05/2011 03:58 AM, erikmccaskey64 wrote:
>> I have an OpenWrt 10.03 router [ IP: 192.168.1.1 ], and it has a DHCP 
>> server pool: 192.168.1.0/24 - clients are using it through 
>> wireless/wired connection. Ok!
>>
>> Here's the catch: I need to separate the users from each other.
>>
>> How I need to do it: by IPTABLES rule [ /etc/firewall.user ]. Ok!
>>
>> "Loud thinking": So I need a rule something like this [on the OpenWrt 
>> router]:
>>
>> - DROP where SOURCE: 192.168.1.2-192.168.1.255 and DESTINATION is 
>> 192.168.1.2-192.168.1.255
>>
>> The idea is this. Ok!
>>
>> Questions!
>> - Will I lock out myself if I apply this firewall rule?
>> - Is this a secure method? [ is it easy to do this?: hello, I'm a 
>> client, and i say, my IP address is 192.168.1.1! - now it can sniff 
>> the unencrypted traffic! :( - because all the clients are in the same 
>> subnet! ]
If you want to stop sniffing of the unencrypted traffic, then IPTables 
IS NOT THE WAY TO GO.  You should either remove the sniffer program or 
make it so that only users with root capabilities can run it (sudoers 
should not have the program in it.)
>> - Are there any good methods to find/audit for duplicated IP addresses?
>> - Are there any good methods to find/audit for duplicated MAC addresses?
arp should dump the entire cache.

There should be a method to do the same thing for IP addresses?

Looks like you have a larger problem than what you are looking at.  If 
you are a security specialist, then you should know all of the tools you 
have at your disposal to find and destroy the bad nasties in your own 
network (hint, if you are running a Linux based router, they are there.)

James McKenzie
