How can I authenticate ethernet users before they use network
I see a lot of suggestions for Squid Proxy as a solution to restrict Internet usage. It sounds like you would rather prevent them from even connecting to your network, in which case you could whitelist your DHCP list, or use an ACL on a switch or router if you have one that supports it. Restricting the DHCP could possibly be bypassed by simply setting an IP rather than requesting one be assigned.
You could arrange dhcpd to only hand out static leases, and have iptables dynamically allow connections from the allocated IPs and block everything else.
Unfortunately, this would be very time-critical, as the DHCP-ACK packet will contain the source address just handed out.
Have you considered using iptables to allow only specific MACs to use your server? Like (example):
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
iptables -A INPUT -m mac --mac-source YY:YY:YY:YY:YY:YY -j ACCEPT
iptables -A INPUT -m mac --mac-source ZZ:ZZ:ZZ:ZZ:ZZ:ZZ -j ACCEPT
iptables -A INPUT -j DROP
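
The static-lease and MAC-filter suggestions above can be driven from one inventory, so each address is accepted only together with the MAC it was leased to. This is an added example, not code from the thread; the chain name `LAN_ALLOW`, the interface `eth0` and all inventory values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: one inventory drives both dhcpd static leases and iptables
# rules. CHAIN, LAN_IF and every inventory value below are constructed.
CHAIN="LAN_ALLOW"   # hypothetical chain name
LAN_IF="eth0"       # assumed LAN-facing interface

# Constructed inventory: MAC, fixed IP, host label (last two lines are invalid).
INVENTORY='00:16:3e:aa:bb:01 192.168.10.11 desk1
00:16:3e:aa:bb:02 192.168.10.12 desk2
00:16:3e:zz:bb:03 192.168.10.13 typo-mac
00:16:3e:aa:bb:04 192.168.10.999 bad-ip'

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    # Each octet must also be in range; the subshell keeps IFS local.
    ( IFS=.; for o in $1; do [ "$o" -le 255 ] || exit 1; done )
}

# dhcpd.conf host stanzas (static leases) for every valid inventory line.
gen_dhcpd() {
    while read -r mac ip name; do
        valid_mac "$mac" && valid_ip "$ip" || continue
        printf 'host %s { hardware ethernet %s; fixed-address %s; }\n' \
            "$name" "$mac" "$ip"
    done
}

# iptables commands: accept only when source IP and MAC match the same
# inventory line, let DHCP requests through, drop the rest.
gen_iptables() {
    echo "iptables -N $CHAIN"
    echo "iptables -A $CHAIN -p udp --sport 68 --dport 67 -j ACCEPT"
    while read -r mac ip name; do
        if ! valid_mac "$mac" || ! valid_ip "$ip"; then
            echo "skipped invalid entry: $name" >&2
            continue
        fi
        echo "iptables -A $CHAIN -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    echo "iptables -A INPUT -i $LAN_IF -j $CHAIN"
}

# Print both outputs for review; nothing is applied to the running system.
printf '%s\n' "$INVENTORY" | gen_dhcpd
printf '%s\n' "$INVENTORY" | gen_iptables
```

Because the rules are generated ahead of time from fixed leases, nothing has to react to a DHCP-ACK as it happens. The MAC match identifies hardware addresses on the local segment, not users, so it narrows which hosts may connect rather than authenticating anyone.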