
Re: help on masquerading



On Tue, 29 Jun 2004, John Summerfield wrote:

> 
> You didn't say whose machines they are nor what OS they're running. If 
> they're yours you can lock them down so the users can't do those things.
> 
I think the issue here isn't what OS they'll be running. It's okay if they run TCP.

> You can run arpwatchd which will email you whenever a new host arrives on 
> your LAN and whenever anyone changes IP.
> 
That's a good option. But it'll be too late if they do such activity at night (when I'm not at the office) and use it till my next working day at the office.

> You can configure DHCPD to serve out IP addresses, require all your 
> clients to use DHCP. In your configuration you can hard-code IP 
> addresses for everyone who's authorised to connect and use a dynamic 
> range for everyone else. You may choose to not route them outside the 
> LAN, give them IP addresses on a different subnet (they're all on the 
> same wire) and generally be devious, even to regularly changing the 
> allowed IP addresses!
> 
I hadn't thought of DHCPD. I'll have a look at it. Thank you.

> Google for pebble and nocat. They're wireless kit, but probably useful 
> to you too. Their purpose is to provide public Internet access and 
> require everyone to be authenticated. In a free (gratis) environment, 
> people can decline authentication and be authenticated as anonymous, 
> with different access rights.
> 
>  From what you have said, that could suit you very well. Especially if 
> you (want to) allow people to bring their wireless laptops.
> 
> 
Another gentleman on the debian-isp list provided a better suggestion (I think): restricting my customers by MAC address. I think this would be enough for my requirement.

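iptables -P FORWARD DROP
iptables -A FORWARD -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


xx would be his MAC address.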

Thanks for all the replies.

Ritesh
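
The MAC-restricted masquerading described in the message above, as an added example that is not part of the original post: it builds an iptables-restore ruleset from an allowlist file and refuses to emit anything if an entry is malformed. The function names, the WAN_IF default of eth0 and the sample MAC addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset from a MAC allowlist.
# WAN_IF and the sample MACs are assumptions, not values from the thread.
WAN_IF="${WAN_IF:-eth0}"

# Succeeds only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads one MAC per line on stdin ('#' comments and blank lines allowed).
# Prints the ruleset on stdout; on any malformed entry prints nothing
# and returns 1, so a typo never yields a half-built firewall.
# Usage: gen_rules < allowed-macs.txt | iptables-restore
gen_rules() {
    accept=""
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "${line%%#*}" | tr -d ' \t\r' | tr 'a-f' 'A-F')
        [ -z "$mac" ] && continue
        if ! is_mac "$mac"; then
            echo "bad MAC: $line" >&2
            return 1
        fi
        accept="${accept}-A FORWARD -m mac --mac-source $mac -j ACCEPT
"
    done
    # Return traffic matches on connection state, not on source MAC.
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
${accept}COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Constructed sample allowlist (locally administered addresses).
SAMPLE='02:00:00:aa:bb:01  # customer 1
02:00:00:aa:bb:02'
```

The source MAC is whatever the client puts in its frames, so this is an allowlist of known hardware rather than authentication; the authenticated gateways mentioned in the quoted reply address that separately.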