Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Would like to setup Internet Gateway server...with authentication. As of now, already have a Linux 8.0 Installed with squid/ NAT. EVerything is working fine. Now i need to develop a system where in only authenticated users get access to the internet, not only to web browsing activity but also all related internet access such as Pcanywhere, telnet, etc etc...basically even ping , I mean they should not be able to even ping if they are not authenticated by the system. I guess would be something on dynamic firewall kinds. Any documentation/links would be of great help. Also if we can group users according to their departments & requirement and then apply the policy.
I would do it in the following manner. Setup a DHCP server and all normal users that u want to limit pings, services, etc would recieve this IP and on your FW u block what u would like. The other users that need certain or specific previliges u may give them a static IP and edit FW accordingly. I am not aware of any software that will authenticate u against a FW like in Checkpiont. For authentication I would use squid and also try block certain services from going through.
Using static IPs or better DHCP reservations assumes that your users only work on their dedicated machines.
A nice tweak would be to set the IP address at login. This works only for single user machines! (changing the IPs while users are connected will cause connection losses.
Example you have 2 IP ranges, one for privileged users, one for the poor ones.
During login, an IP address is selected from the DHCP range according to the user's
privilege. There should be a method to select a DHCP pool. I never did so.
i.e. execute a sophisticated dhclient in .profile.
You also may want to assign 2 static IPs for each machine in the IP inventory.
An ifconfig command is issued at login selecting one of them according to user privilege.
example:
Write 2 scripts on each computer. Each script has 1 ifconfig statement.
do not allow the scripts to accept any parameters (this only makes them vulnerable).
chown them to root and set the SUID bit. (Somewhat dangerous. I tend to call it the suicide bit).
chown root scriptname_for_p*
chmod +s scriptname_for_p*
chmod 750 scriptname_for_p*
chgrp users scriptname_for_poor_ones
chgrp privileged_group_name scriptname_for_privileged_ones
call the respective script from .profile or such.
If it would be only web access, things could be simpler since some proxies allow user identification.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
