Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How can I block web access for a given dial-up user? Or to put it another way, how do you set up an "e-mail only" account for a single user.
Running RH 6.1, Apache, Sendmail, RADIUS.
Everything I've seen in search responses deals with LANs in which access is blocked using ipchains for a single IP address, but that won't work for dial-up users getting different IPs on each dial-up attempt.
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820
Rep:
What kind of access are you trying to block? Are you trying to stop connections to your server from users of dial-up internet accounts? A little more information is needed.
We're a small ISP doing dial-up and satellite access. Recently had a couple of customers inquire about e-mail only accounts.
Trying to figure out how to block a dial-up customer from accessing the internet beyond our server/router and limit them to SMTP/POP3 functions only.
We're running Lucent Portmasters (PM3) as the dial-up servers, with RADIUS running on the RH server for authentication. Using a Cisco 2500 series router.
I've got a couple of customers requiring static IP addresses, which I've been able to do in RADIUS with no problem. I was thinking about a solution to assign the e-mail customer a fixed IP, and then somehow filter that address using IP chains or the router. I think the block would have to occur at the router, thus limiting the e-mail customer to our subnet.
Otherwise, I would need some sort of filter/block that looks at the username and dynamic IP address assigned by RADIUS that would work regardless of the IP assigned.
If there's a different/simpler approach, let me know....
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.