Re: IP access

[Alexander Dalloz <alexander dalloz uni-bielefeld de>]

Am Do, den 29.01.2004 schrieb Szemerédy Gábor um 16:27:
> Hello list members!
> We have a server with its public IP address and there is also a subnet
> with
> local addresses (192.168.0.x) on it.
> We would like to limit the access from certain IP address so that it can
> 
> be
> established only if the request comes from the same workstation.
> Something like capturing the workstations MAC address to its IP address
> ,
> so that the user can browse the internet only if the MAC address of the
> workstation and the IP address are equal to the predefined values.
> We do traffic accounting by IP address and would like to prevent using
> the account of an other workstation by changing the IP address.
> (In current situation one can browse the internet with certain IP
> address and then
> change the IP address and use the account of an other person).
> Is there any solution?
> Thanks

Sure is there a solution: just be sure you are the only person with root
permissions! Only root can change the IP address of a linux host.

If it is not possible to limit root to you, you will have to modify your
iptables rules to also check the MAC address of a station initiating a
connection.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2149.nptl
Sirendipity 16:49:13 up 1:36, 7 users, 0.00, 0.11, 0.19 
                   [ Γνωθι σ'αυτον - gnothi seauton ]