LinuxQuestions.org
Old 11-24-2012, 10:46 PM   #1
deepak_message
Member
 
Registered: Oct 2007
Posts: 156

Rep: Reputation: 16
How to access abc@192.168.0.1 from 192.168.0.5 only


Hi,

Due to some security reason, I am looking for access by a particular user from a single machine only. It should not block all users from this machine or from other machines.

Actually, I have one machine; its IP is 192.168.0.1 and the user is abc.

I am looking for abc@192.168.0.1 to be accessed from 192.168.0.5 only. This abc@192.168.0.1 can't be accessed from a different machine.

Other users should not be affected, and 192.168.0.1 should be accessible from any machine.

My intention is to make the rule for abc@192.168.0.1 only. There should not be any other.

So, please friends, help me.
 
Old 11-25-2012, 07:59 AM   #2
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 748
Blog Entries: 6

Rep: Reputation: 74
6 times I read this, still not clear enough for me.

1) Does this mean you have a machine with IP 192.168.0.1,
and this machine only has one user, abc,
or
2) this machine has many users, abc is one of them,
and you want to block abc only?

If no. (1), you can use tcp-wrapper to block IP 192.168.0.1 from logging in to 192.168.0.5.
If no. (2), you can define the service abc@192.168.0.1 on the 192.168.0.5.

Please clear it up.
 
Old 11-25-2012, 08:06 AM   #3
hamlindsza
Member
 
Registered: Aug 2012
Distribution: Debian, CentOS
Posts: 74

Rep: Reputation: Disabled
Quote:
I am looking abc@192.168.0.1 can be access by 192.168.0.5 only.
I assume when you say access you mean access via ssh. On the 192.168.0.1 machine, add a firewall rule:
iptables -I INPUT -p tcp ! -s 192.168.0.5 --dport 22 -j DROP

This rule will allow ssh traffic from the 192.168.0.5 IP.
 
Old 11-25-2012, 09:40 AM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
There is an owner module that you can use on the 192.168.0.1 machine, with the ABC user. You can use it in the output and forward chains.
http://www.cyberciti.biz/tips/block-...-iptables.html

If you want to control access to the 192.168.0.5 machine, per user, authentication is normally used rather than IP Tables.
For example "AllowUsers ABC" in sshd_config will only allow user ABC to log in.
 
Old 11-25-2012, 03:06 PM   #5
jefro
Guru
 
Registered: Mar 2008
Posts: 10,275

Rep: Reputation: 1258
Using IP addresses (or mac addresses) is a poor way to secure a connection. Consider using some other form of authentication.
 
Old 11-25-2012, 08:57 PM   #6
deepak_message
Member
 
Registered: Oct 2007
Posts: 156

Original Poster
Rep: Reputation: 16
Thank you so much guys for your reply.

Hi Reuter,

Let me tell you the actual scenario: I am installing PlateSpin in our environment, and I want to create a plspin account for making replication on the server. plspin has rights equivalent to root (sudo, no password).

So, I want to access this server (192.168.0.1) with the plspin account from 192.168.0.5 only.
 
Old 11-30-2012, 04:36 AM   #7
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 748
Blog Entries: 6

Rep: Reputation: 74
Quote:
Originally Posted by deepak_message
Thank you so much guys for your reply.

Hi Reuter,

Let me tell you the actual scenario: I am installing PlateSpin in our environment, and I want to create a plspin account for making replication on the server. plspin has rights equivalent to root (sudo, no password).

So, I want to access this server (192.168.0.1) with the plspin account from 192.168.0.5 only.
Did you read the other people's replies? If that is not what you want, it means they also did not understand your question, or it was not clear enough to understand what you actually need. BTW, sorry, my English is also not very good.

OK, come at it this way:

1) plspin@server05 wants to ssh to plspin@server01 <- do you want to allow/block this? answer = allow or block
2) userA@server05 wants to ssh to userA@server01 <- do you want to allow/block this? answer = allow or block


Hope this way can make your situation a little bit clearer. BTW, what is plspin? I googled around and got nothing.
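
Added example, not part of any post in this thread: whichever restriction ends up on 192.168.0.1, the sshd log can confirm that abc is only ever used from 192.168.0.5 while other accounts stay unrestricted. The policy table, function names and sample log lines are constructed for illustration, and the line format assumed is OpenSSH's "Accepted/Failed <method> for <user> from <addr> port <n>".

```python
import re
from collections import Counter

# Policy from the thread: abc on 192.168.0.1 may only be used from
# 192.168.0.5. Accounts not listed here are unrestricted (assumption).
POLICY = {"abc": {"192.168.0.5"}}

# sshd login result lines as found in auth.log or /var/log/secure.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<addr>\S+) port \d+"
)

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Nov 25 09:12:01 server01 sshd[2211]: Accepted password for abc from 192.168.0.5 port 50022 ssh2
Nov 25 09:14:37 server01 sshd[2240]: Accepted password for userA from 192.168.0.9 port 41514 ssh2
Nov 25 09:20:05 server01 sshd[2302]: Failed password for abc from 192.168.0.9 port 41877 ssh2
Nov 25 09:20:09 server01 sshd[2302]: Accepted password for abc from 192.168.0.9 port 41877 ssh2
Nov 25 09:31:44 server01 sshd[2388]: Failed password for invalid user abc1 from 192.168.0.7 port 38810 ssh2
Nov 25 09:40:12 server01 sshd[2410]: Accepted publickey for abc from ::ffff:192.168.0.5 port 50310 ssh2
"""

def normalize(addr):
    """Handle the IPv4-mapped IPv6 form in case it appears in the log."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def audit(log_text, policy=POLICY):
    """Return (violations, counts) for restricted accounts seen off-policy."""
    violations, counts = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["invalid"]:
            continue  # not a login result, or the account does not exist
        user, addr = m["user"], normalize(m["addr"])
        allowed = policy.get(user)
        if allowed is None or addr in allowed:
            continue  # unrestricted account, or restricted account on policy
        # Failed attempts count too: they show someone trying the account
        # from a machine that should never be using it.
        violations.append((m["result"], user, addr))
        counts[(user, addr)] += 1
    return violations, counts

if __name__ == "__main__":
    for result, user, addr in audit(SAMPLE_LOG)[0]:
        print(f"{result} login for {user} from unexpected address {addr}")
```

An "Accepted" entry in the output means the restriction on 192.168.0.1 is not in effect for that account; a "Failed" entry only shows an attempt.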
 
  


All times are GMT -5.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration