LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

September 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS September 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Script needed
From:	John Summerfield <[log in to unmask]>
Reply To:	John Summerfield <[log in to unmask]>
Date:	Mon, 22 Sep 2008 13:29:47 +0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (63 lines)

Juan Pablo Macias wrote:
> Hi
> 
> I think it would be easier to make this at firewall level. For
> example, assign an IP address range from 192.168.1.10 to 192.168.1.50
> to unregistered addresses, and at your gateway, use iptables to block
> addresses in that range from passing through. When you register your
> client, assign an ip outside that range. You could make this based on
> ports too.
> 
> Juan Pablo Macias
> 
> 2008/9/19 vivek chal <[log in to unmask]>:
>> Hello all !
>> i have made a dhcp server that assigns temporary ip address to my clients on
>> first attempt and when clients fill the registration form (which includes
>> host name, MAC address etc), i write  entries in dhcp.conf to assign fixed
>> ip address based on their MAC address.
>> Now i want my server's some services like ssh,telnet and iptables will work
>> only for registered users to whom i have assigned fixed ip address in
>> dhcp.conf based on their MAC address so that only registered users can
>> access internet . My machine is acting as a DNS, Gateway and DHCP.

I don't think much of it as a security idea. Anyone who's master of 
their own machine can assign their own IP address. MAC addresses can be 
forged. iptables can only be configured on the machine it's running on.

There is a free package that does pretty much what I think you want, 
it's part of pebble linux, I think it's from Seattle Wireless (a group 
of users) and it _is_ mentioned in 100 Wireless Hacks published by 
Oreilly. I think it's NoCatAuth.

Pebble linux is a special-purpose Linux distro, comes as a tarball, is 
really small and is intended for wireless access points built from old 
peecees, where access to the Internet needs to be controlled but not 
necessarily charged for. Think "Free Internet cafe."

>>
>> Can anyone help me to write such a script as I have to implement this server
>> soon.

> 
> 

-- 

Cheers
John

-- spambait
[log in to unmask]  [log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV