Securing a network by only allowing traffic from certain ip addy's or maybe mac addy
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Securing a network by only allowing traffic from certain ip addy's or maybe mac addy
Hey all,
I am trying to secure my home network and I have been wondering something. Say I want to set up something where I only allow the ip addresses I set up to access anything. IE: Gateway/firewall is 192.168.1.2, My PC is 192.168.1.200 and I want to be able to access the network and do everything a normal person would, now some person comes over to my house, plugs his laptop into my network and gives himself an ip address of 192.168.1.240 and I don't want him to be able to access anything at all on the network. How could I go about making this happen?
If there is a way to only allow certain ip addresses or even mac addresses to connect through the gateway, this would be great.
As always, any help would be greatly appreciated and I welcome all comments or suggestions.
You can definitely limit the network users by MAC address. Look at your router settings. The default is to allow everyone. Change that to "Limit access to these MAC addresses" or something similar to this.
I don't have a router, I just have a Slackware box with 2 nics attached to a hub on one end and attached to my modem on the other. If I would have known a router could do that I would have gotten one. Well I am trying to learn Slackware better then I already do so this can help me learn something new.
You can use iptables to specify that you only want your IP and MAC to get routed. Keep in mind that MACs are easily spoofed, so if you want something truly secure, you need to setup some type of authentication. Either that, or limit access to the ethernet ports which these people that come to your house currently have access to.
Code:
iptables -I FORWARD -i $LAN_IFACE -s ! 192.168.1.200 \
-m mac --mac-source ! xx:xx:xx:xx:xx:xx -j DROP
The above example would make it so any outgoing packets which don't have a source IP of 192.168.1.200 and a source MAC of xx:xx:xx:xx:xx:xx would get filtered. Replace $LAN_IFACE with the actual name of your LAN interface, and xx:xx:xx:xx:xx:xx with the actual MAC of your PC's NIC.
Sorry for such the delay for my reply but I have been busy. Thats the kind of information I was looking for. Allowing only a certain ip with a certain mac address is also a great idea. If I was able to set up some type of authentication to get an ip address, that would be even better.
I have found bits of info and am working on currently implementing it and shall post here how it went.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
