How can I authenticate ethernet users before they use network
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How can I authenticate ethernet users before they use network
Hello,
is there any solution for authentication of ethernet users.
something similar to daloradius for wifi.
I dont want to use pppoe. is there any way to connect daloradius with dhcp server, so when certain mac address asks for IP first daloradius will look if it is allowed.
I see a lot of suggestions for Squid Proxy as a solution to restrict Internet usage. It sounds like you would rather prevent them from even connecting to your network, in which case you could whitelist your DHCP list, use an ACL on a switch or router if you have one that supports it. Restricting the DHCP could possibly be bypassed by simply setting an IP rather than requesting one be assigned.
You could arrange dhcpd to only hand out static leases, and have iptables dynamically allow connections from the allocated IPs and block everything else.
Unfortunately, this would be very time-critical, as the DHCP-ACK packet will contain the source address just handed out.
Can you control ethernet users ? Exclude PPP type of connections. I want to control ethernet users by mac addres and if mac is acceptable, than give them IP form dhcp server.
Have you considered using iptables to allow only specific MACs to use your server? Like (example):
Code:
iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
iptables -A INPUT -m mac --mac-source YY:YY:YY:YY:YY:YY -j ACCEPT
iptables -A INPUT -m mac --mac-source ZZ:ZZ:ZZ:ZZ:ZZ:ZZ -j ACCEPT
iptables -A INPUT -j DROP
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.