Security :: Restrict Access To Network To Only Dhcp Assigned Ip's?
Feb 28, 2011
I'm trying to tighten up my network a bit. I've given my dhcp server a list of static mac addresses and ip's for computers i know, and a very short range of dhcp addresses that are redirected to kittenwar.My dilemma is that if someone has my wireless network password, or an ethernet cable, they could set the ip address manually and gain access.how can i deny them this pleasure?im running dhcpd3, and iptables on a debian/lenny intel 2.4 box. dd-wrt is running in a linksys wrt54g and is handling the wireless security
View 7 Replies
ADVERTISEMENT
Feb 18, 2011
my team is working on network thier termial is windows and my server is linux centos we work on simple network with out domainmy user works on files on the server, can I deman ser name and passwork when they try to change to the shared files on the servernd can i monitor which user chaned a fileI have css developer and he is only allowed to create and modify css files can i do this ?
View 3 Replies
View Related
Aug 7, 2011
I am just trying to get SSH working between 2 local machines on OpensSuse 11.4 boxes. I have the SSHD daemon running, the firewall is configured to allow SSH to pass, and I am using SSH's password authentication. However, my machines cannot see each other. Anytime I try to SSH, I get "Could not resolve hostname<hostname>: Name or service not known."
Of course, that leads me to believe I need an entry in my /etc/hosts file. However, I use DHCP, and therefore have a dynamic IP address. Therefore, my hosts names will only be good until the next IP renewal. How in the world do I configure SSH with a DHCP assigned address?
View 4 Replies
View Related
Sep 24, 2010
I heard we can set security in /etc/hosts.allow and /etc/hosts.deny on user base also like something user@domain or something if so how can I restrict a user to access particular service by his/her user name in a particular host via /etc/hosts.allow or /etc/hosts.deny
View 3 Replies
View Related
Jul 28, 2011
I'm running Natty and have made two logins on the system. One for myself and family and one for the kids (teens 14-15yr) to play in without Internet access via Admin "Users and Groups". I have hidden the Internet software icons on their screen amongst others i don't want them to see on the menus. On our screen I use a Firefox addon called "Web Of Trust" that can be configured easily for the kids and another addon called 'Blocksite' that I can selectively use for them and myself etc.
I have found out that they have still been able to get on to the net somehow under their login. Will have to observe again!! In the users settings for the kids the tick box for 'Internet'and 'use modem' access is un-ticked so I presumed that would be enough! Not so!!
View 8 Replies
View Related
Mar 17, 2010
I tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.Eg: users a can ssh from 192.168.*.*user b can sftp from 200.*.*
View 2 Replies
View Related
Jan 21, 2011
I have been trying to get Squid to work so that I can restrict access to a particular web site during certain hours every night. I can't seem to get it working, however. I am still able to access the site. The following are the relevant lines from my squid.conf file:
acl restricted-domain dstdomain "/etc/squid/denied_domains.acl"
acl test time 19:00-20:00
acl bedtime time 22:00-23:59
[code]...
View 2 Replies
View Related
Feb 6, 2010
I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If some one can take a look at this I would greatly appreciate it. This is what I have done so far.
Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.
Code:
Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.
Code:
Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?
I am using squid to block access when he is using the web browser. However, he is still able to play games(World of Warcraft) and the like.
I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.
View 7 Replies
View Related
Oct 1, 2015
I'm running jessie on virtualbox.
I set staticIP at /etc/network/interfaces.
When I stop/start vm(not restart), dhclient becomes up and ip is assigned by dhcp. Why?
--------------------------------
yoshi@vbox:~$ uname -a
Linux vbox 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux
--------------------------------
yoshi@vbox:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
[Code] ....
View 1 Replies
View Related
Apr 16, 2010
I just installed Fedora 13 on my ESX box.I have Fedora 13 Machine which was early having 1 network adapter.I added a new Interface type: e1000 to this VM.Now,My ifconfig says:
Code:
[root@fedora-13 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:BA:00:15
inet6 addr: fe80::250:56ff:feba:15/64 Scope:Link
All i was trying to provide IP to eth0 and eth1 through dhcp.is it possible to provide two IP address to eth0 and eth1 both through DHCP.
View 4 Replies
View Related
Aug 13, 2010
I would like to create several aliases to eth0, but have the addresses assigned by DHCP instead of being set to static IP's. Is this even possible? All the examples I've seen assign a static IP using the command:
ifconfig eth0:0 192.168.1.11 up
View 5 Replies
View Related
Nov 1, 2010
i hav configure dhcp server. but the ip is not getting assigned to my client machine.
View 3 Replies
View Related
Jul 24, 2010
how to display status of assigned & free ip addresses in a DHCP range assuming that i am working on a DHCP server ?
View 1 Replies
View Related
May 20, 2010
I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.31 192.168.1.254;
default-lease-time 345600;
[code]....
I'm trying to restrict dhcp to only provide setting for a list of MAC addresses (about 300 macs) Using the following option is not good to me because I have not a pattern in my clients mac.
class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";
}
[code]....
I've try using iptables with following configuration, but XP still getting IP from dhcpd:
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
[code]....
View 2 Replies
View Related
Aug 19, 2010
I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration:
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.31 192.168.1.254;
default-lease-time 345600;
max-lease-time 691200;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "lab.com";
option domain-name-servers 192.168.1.12;
option netbios-name-servers 192.168.1.12;
option netbios-node-type 8;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.12;
ddns-updates on;
ddns-update-style interim;
}
I'm trying to restrict dhcp to only provide setting for a list of MAC addresses (about 300 macs)
Using the following option is not good to me because I have not a pattern in my clients mac.
class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";
}
pool {
range 192.168.1.31 192.168.1.254;
allow members of "private-hosts";
}
I've try using iptables with following configuration, but XP still getting IP from dhcpd:
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Full from Localhost to Localhost
iptables -A INPUT -i lo -j ACCEPT
# Full from My PC
iptables -A INPUT -s 192.168.1.2 -j ACCEPT
So I can't limit DHCP for specific macs.
View 8 Replies
View Related
Aug 18, 2010
I set up a dhcp server in the lan and assigned static ips to two computers, computer A and B, according to their mac address. Everything was running fine. But when I turned off computer A, connected computer C to the network, and assigned computer A's static ip to computer C without changing dhcp setting. Computer C was able to access the internet. When I turned on computer A, dhcp couldn't assign an ip address to it, and computer C showed an error message of ip conflict and failed to use internet. I wonder if dhcp server is able to prevent other computer from using the same static ip that is already assigned to a computer according to its mac address.
View 5 Replies
View Related
Mar 25, 2010
Installed a security update for samba tonight via Opensuse updater.Now, when trying to access my home network an authentication box pops up (never used to)Asks me to enter authentication for my home network.I enter my username and password and hit enter. After a few seconds the authentication box pops up again askingfor the same indicating I have entered the wrong username / password combination (which I know I have not).
View 9 Replies
View Related
Nov 15, 2010
I'm a terrible procrastinator, it's awe-inspiring annoying and stressful. This in combination with being a information-holic makes the Internet fairly lethal to me; I risk failing my college course because of it, so trust me when I say I'm deadly serious about this.
However, I think you guys may be able to help out, and maybe this will also help some people here with similar problems:
Because so much of my time is taken up with Interwebz, I thought to carefully restrict my internet use. It's not prefect, but it's part of a solution.
To date: I have Firefox and the ProCon extension which uses a whitelist of websites I can access. The extension cannot be uninstalled/disabled and I use a long hex password split into 3 parts, two of which my friends have (so I have to ask my friends for the password parts in order to update the whitelist, hence making it socially awkward to fritter away time online).
So far, it has worked a treat and I'm really pleased with it.
However, this is the problem:
I need to restrict web access so *only* Firefox can access the web. That way I cannot use Chrome/Opera, or even (shudder) use wine to run Internet Exploder.
View 6 Replies
View Related
Apr 25, 2009
I just upgraded from Ubuntu 8.10 to 9.04. I installed Webmin 1.470 but when I tried to run it from Firefox 3.09 I got the following message.
localhost:10000 uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer).
Never had this problem with Ubuntu 8.04.
View 9 Replies
View Related
Feb 8, 2011
I have 2 ubuntu PCs, which are connected to the internet without an external IP (behind NAT). How can I access one from another?
View 3 Replies
View Related
Aug 19, 2010
I have Ubuntu command line only installed on my HTPC (it is XBMC Live installation). Kernel is 2.6.31-16-generic. My wi-fi card is AW-NE770 from AzureWave (mini-pci on Zotac Atom motherboard). I have successfully configured wireless connection to my router. Unfortunately, after short period of time connection drops. When I restart /etc/network/interfaces all goes back to normal. When connection is dropped, iwconfig shows that access point is not assigned. I have already tried installing backport drivers, removing security on the network (WEP and WPA), assigning static IP or using DHCP. Nothing works. I know it is not the router or my internet because I can be at the same time on my laptop and that works fine.
View 1 Replies
View Related
Mar 31, 2011
I have been issued 16 IP's my my ISP. Obviously my subnet is 240. is there a way I can take one or any of those IP's and somehow make them into their own network on my end? Really what I am wanting to do is take my 2 DNS servers that are really on the same network far as my assigned subnet and IP's, but take at least one of those IP's and sub-network? it out to the other DNS so it appears to be on another net work. like just simply assign it 192.168.219 255.255.255.255 or something like that.
View 10 Replies
View Related
Aug 13, 2010
That would seem like an elementary feature to be able to enable only a few system applications access to the Internet. That would prevent trojans to download your HD for examples. I looked around and played with iptables but I couldn't not find anything that do the job. I loaded the xt_owner kernel for iptables but the --cmd-owner command is lacking. That was my holy grail but could not get --cmd-owner to work. iptables -I OUTPUT -m owner --cmd-owner "firefox" -j LOG --log-prefix "Testing " How can I protect my machine against the enemy within.
OpenSuse 11.2
Kernel: 2.6.31.12-0.2-desktop
View 1 Replies
View Related
Apr 7, 2011
I m new with Fedora 14, and i have a basic business case :
I want to setup a user which should
- only connect to the server with SSH (ex.: no X11 connection).
- cannot change its shell
- cannot do any SU / SUDO command
This user is very similar to a SERVICE user, as I expect him only to run a single program (its shell).
View 7 Replies
View Related
Apr 14, 2010
I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
View 1 Replies
View Related
Sep 24, 2009
Need to restrict cvs login from specific IPs
in file /etc/security/access.conf
+ : builduser : 10.200.2.1
Do not work
when changed to ALL as below it works
+ : builduser : ALL
View 2 Replies
View Related
Jan 26, 2011
I would like to allow a user to login through SSH but with different permission coming from different ipaddress.
For example, a user "tester" login to SSH through 192.168.1.1 and another user login with the same login id "tester" but from different ip 192.168.1.2.
How do I restrict 192.168.1.2 to only allow for viewing the content in the home directory while giving 192.168.1.1 full access?
View 7 Replies
View Related
Jan 6, 2010
Here's the beginning of the issue: I'm running Fedora 12 with httpd and sshd. I want to create a user with a scponly shell for sftp access, but this user should ONLY be able to view /the/http/base/dir and its subdirectories. The user should not be able to see or get into directories above the httpd base. Someone mentioned creating a chroot jail for sshd and binding the httpd base to that dir, but this seems like more work than is necessary for the application I wish. Also mentioned was creating a user, say user1 with a selinux user setting of staff_r. I have read the articles and creating a user of staff_r isn't overly difficult, but how would I make it where staff_r would be restricted to where I want them to be? If I'm not mistaken, that would require changing the context of /the/httpd/base/dir?
View 4 Replies
View Related
May 3, 2011
I want to restrict user for SSH Logon, but able to use SFTP.
Also, i like to know how to restrict a user on SSH from everywhere except one host.
View 5 Replies
View Related
Oct 7, 2010
I'm running Ubuntu Server 10.04 32-bit.I'm looking to find if there is anyway I can lock down ubuntu so that remote access, whether it be SSH, ftp, apache.etc can be only accessed from a certain IP range, or a certain set of IPs?Essentially, we'll say the Server IP is 192.168.1.32, and I want the IP addresses 192.168.1.33-50 to be able to access the server, but no other IPs.I am in a switched environment, router's are not allowed to be placed on the network, and I do not have access to a DNS or DHCP server.Is there a way to do this in on the server via a configuration of some sort?
View 3 Replies
View Related
