LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-14-2004, 06:14 AM   #1
YNets269
LQ Newbie
 
Registered: Jul 2004
Location: Bucharest, Romania
Posts: 1

Rep: Reputation: 0
Question linux router must grant internet acces based on MAC adresses


Hello everyones !

I must handle the following problem:

I have a medium network (>70 computers with fixed IP addresses), a cable modem internet connection and a linux router (P1/200MHz, 32MB ram, 3.2GB Hdd, cdrom, RHL 8).
Only 8 computers must use the internet connexion and the permission must be granted based on MAC address of their NICs, not by IP addresses (I have my reasons).
Can someone tell me how can I do that or point me to a site containing the adequate documentation ?

Thank You !
 
Old 07-14-2004, 06:56 AM   #2
Mogwa_
Member
 
Registered: Aug 2003
Distribution: Slackware, Evil Entity
Posts: 63

Rep: Reputation: 15
If you have/or dont mind installing squid proxy server on the box squid can do permistions based on mac/ip/user and pass and a few others.

You will need to do a fair bit of reading but http://www.squid-cache.org

Also acts as a cache so things are saced for later use.
 
Old 07-14-2004, 07:51 AM   #3
schoeppchen
LQ Newbie
 
Registered: Jul 2004
Posts: 29

Rep: Reputation: 15
I'd be interested in a pure linux routing solution without the need of squid or some other proxy service. With squid I'm only capable of limiting MAC to squid services (http, ftp and even other services) but not to base the whole routing (every ip paket on every port) on the MAC.
 
Old 07-14-2004, 10:55 PM   #4
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 46
This post should give you a proper direction.
 
Old 07-15-2004, 02:56 AM   #5
schoeppchen
LQ Newbie
 
Registered: Jul 2004
Posts: 29

Rep: Reputation: 15
Exactly what I was looking for. Should have taken a deeper look on iptables -m parameter myself. Thanks for the hint!
 
Old 07-15-2004, 05:48 AM   #6
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
filtering on mac address isnt a good idea.
now a days mac addresses can be easily changed thats why good firewalls like Packet Filter havent any option to filter on mac address.

as ur all clients are on same lan any one can learn all macs very easily.
better to make vpn server or pppoe server for username password based authentication.
 
Old 07-15-2004, 05:56 AM   #7
schoeppchen
LQ Newbie
 
Registered: Jul 2004
Posts: 29

Rep: Reputation: 15
Filtering on MAC isn't a good idea as long as you don't use other security options - but in addition I think this is a quite good thing to do.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
reject certain mac-adresses ekkins Linux - Networking 1 06-19-2005 06:14 PM
Internet Acces over Router CloudBuilder Fedora 4 06-13-2005 05:58 PM
Multiple MAC Adresses to one NIC? cjs500 Linux - Networking 8 04-29-2005 03:36 AM
samba acces router ruben0076 Linux - Networking 2 01-22-2005 07:14 AM
noFTP acces via Internet on Debian 3.0 box on a LAN network with Netgear rp614 router ferry Linux - Networking 2 08-16-2004 12:33 AM


All times are GMT -5. The time now is 03:35 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration