Re: IP access
- From: Bob Chiodini <chiodr kscems ksc nasa gov>
- To: fedora-list redhat com
- Subject: Re: IP access
- Date: Thu, 29 Jan 2004 11:36:06 -0500
On Thu, 2004-01-29 at 10:27, Szemerédy Gábor wrote:
> Hello list members!
> We have a server with its public IP address and there is also a subnet
> with local addresses (192.168.0.x) on it.
> We would like to limit the access from certain IP address so that it
> can be established only if the request comes from the same workstation.
> Something like capturing the workstation's MAC address to its IP
> address, so that the user can browse the internet only if the MAC
> address of the workstation and the IP address are equal to the
> predefined values.
> We do traffic accounting by IP address and would like to prevent using
> the account of another workstation by changing the IP address.
> (In current situation one can browse the internet with certain IP
> address and then change the IP address and use the account of another
> person).
> Is there any solution?
You might be able to combine the source IP address and MAC matching
rules using iptables, something like:
iptables -A FORWARD -s 10.0.0.5 -m mac --mac-source 00:AA:BB:CC:DD:EE -j ACCEPT
(not tested)
It would mean a separate rule for each host on the local side of the
firewall, which would need editing each time the NIC or client computer
is changed.
Proxy ARP and/or bridging may also provide a solution (try
http://lartc.org/howto/lartc.bridging.proxy-arp.html).
Alternatively, use DHCP and eliminate root/administrator access by the
users (per Alexander).
Bob...
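
Added example, not part of Bob's message: a small generator for the per-host IP+MAC rules suggested above, so the bindings live in one list and the rules are regenerated when a NIC changes. The interface name eth1, the binding list format and the MAC addresses are assumptions constructed for illustration; the commands are printed for review, not executed.

```shell
#!/bin/sh
# Added example: print (not run) one IP+MAC FORWARD rule per workstation,
# then a DROP for every other source address on the LAN.
LAN_NET="192.168.0.0/24"   # subnet from the original question
LAN_IF="eth1"              # assumption: name of the LAN-facing interface

# Constructed sample bindings, one "IP MAC" pair per line.
SAMPLE_BINDINGS='# constructed workstation bindings
192.168.0.10 00:AA:BB:CC:DD:01
192.168.0.11 00:aa:bb:cc:dd:02
192.168.0.12 00:AA:BB:CC:DD      # malformed MAC
10.0.0.5     00:AA:BB:CC:DD:03   # not on the LAN
192.168.0.10 00:AA:BB:CC:DD:04   # IP already bound
'

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_lan_ip() {   # accepts 192.168.0.1 through 192.168.0.254 only
    case "$1" in 192.168.0.*) host=${1#192.168.0.} ;; *) return 1 ;; esac
    case "$host" in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$host" -ge 1 ] && [ "$host" -le 254 ]
}

# Reads bindings on stdin, writes iptables commands on stdout.
# Returns 1 if any line was rejected, so a partial rule set is noticed.
gen_rules() {
    seen=" "; rc=0
    while read -r ip mac _rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if ! valid_lan_ip "$ip" || ! valid_mac "$mac"; then
            echo "rejected (bad IP or MAC): $ip $mac" >&2; rc=1; continue
        fi
        case "$seen" in *" $ip "*)
            echo "rejected (IP already bound): $ip" >&2; rc=1; continue ;;
        esac
        seen="$seen$ip "
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        echo "iptables -A FORWARD -i $LAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    # A LAN source address that matched no binding above is dropped.
    echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -j DROP"
    return $rc
}

printf '%s' "$SAMPLE_BINDINGS" | gen_rules || echo "# some bindings were rejected" >&2
```

The ACCEPT rules only restrict anything because of the final DROP for the rest of the subnet. A MAC address can be changed by a user with administrator rights just as an IP address can, so this binding makes account borrowing harder rather than impossible.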