Security :: Restrict Access To Network To Only Dhcp Assigned Ip's?

Feb 28, 2011

I'm trying to tighten up my network a bit. I've given my dhcp server a list of static mac addresses and ip's for computers i know, and a very short range of dhcp addresses that are redirected to kittenwar.My dilemma is that if someone has my wireless network password, or an ethernet cable, they could set the ip address manually and gain can i deny them this pleasure?im running dhcpd3, and iptables on a debian/lenny intel 2.4 box. dd-wrt is running in a linksys wrt54g and is handling the wireless security

View 7 Replies


Security :: Restrict Access On Windows Network?

Feb 18, 2011

my team is working on network thier termial is windows and my server is linux centos we work on simple network with out domainmy user works on files on the server, can I deman ser name and passwork when they try to change to the shared files on the servernd can i monitor which user chaned a fileI have css developer and he is only allowed to create and modify css files can i do this ?

View 3 Replies View Related

OpenSUSE Network :: How In World Do I Configure SSH With DHCP Assigned Address

Aug 7, 2011

I am just trying to get SSH working between 2 local machines on OpensSuse 11.4 boxes. I have the SSHD daemon running, the firewall is configured to allow SSH to pass, and I am using SSH's password authentication. However, my machines cannot see each other. Anytime I try to SSH, I get "Could not resolve hostname<hostname>: Name or service not known."

Of course, that leads me to believe I need an entry in my /etc/hosts file. However, I use DHCP, and therefore have a dynamic IP address. Therefore, my hosts names will only be good until the next IP renewal. How in the world do I configure SSH with a DHCP assigned address?

View 4 Replies View Related

Security :: Restrict A User To Access Particular Service?

Sep 24, 2010

I heard we can set security in /etc/hosts.allow and /etc/hosts.deny on user base also like something user@domain or something if so how can I restrict a user to access particular service by his/her user name in a particular host via /etc/hosts.allow or /etc/hosts.deny

View 3 Replies View Related

Ubuntu Security :: Restrict Internet Access For Kids?

Jul 28, 2011

I'm running Natty and have made two logins on the system. One for myself and family and one for the kids (teens 14-15yr) to play in without Internet access via Admin "Users and Groups". I have hidden the Internet software icons on their screen amongst others i don't want them to see on the menus. On our screen I use a Firefox addon called "Web Of Trust" that can be configured easily for the kids and another addon called 'Blocksite' that I can selectively use for them and myself etc.

I have found out that they have still been able to get on to the net somehow under their login. Will have to observe again!! In the users settings for the kids the tick box for 'Internet'and 'use modem' access is un-ticked so I presumed that would be enough! Not so!!

View 8 Replies View Related

Security :: Restrict Sftp Access And Changing Its Port?

Mar 17, 2010

I tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.Eg: users a can ssh from 192.168.*.*user b can sftp from 200.*.*

View 2 Replies View Related

Security :: Using Squid To Restrict Access During Certain Hours But Only To Certain Websites?

Jan 21, 2011

I have been trying to get Squid to work so that I can restrict access to a particular web site during certain hours every night. I can't seem to get it working, however. I am still able to access the site. The following are the relevant lines from my squid.conf file:

acl restricted-domain dstdomain "/etc/squid/denied_domains.acl"
acl test time 19:00-20:00
acl bedtime time 22:00-23:59


View 2 Replies View Related

Security :: IPTABLES - Restrict Internet Access Based On Time Of Day And MAC Address

Feb 6, 2010

I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If some one can take a look at this I would greatly appreciate it. This is what I have done so far.

Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.


Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.


Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?

I am using squid to block access when he is using the web browser. However, he is still able to play games(World of Warcraft) and the like.

I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.

View 7 Replies View Related

Debian Configuration :: VM Is Assigned IP By DHCP At Reconnect

Oct 1, 2015

I'm running jessie on virtualbox.

I set staticIP at /etc/network/interfaces.

When I stop/start vm(not restart), dhclient becomes up and ip is assigned by dhcp. Why?
yoshi@vbox:~$ uname -a
Linux vbox 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux
yoshi@vbox:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

[Code] ....

View 1 Replies View Related

General :: Two DHCP IP Assigned To A Single Machine?

Apr 16, 2010

I just installed Fedora 13 on my ESX box.I have Fedora 13 Machine which was early having 1 network adapter.I added a new Interface type: e1000 to this VM.Now,My ifconfig says:


[root@fedora-13 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:BA:00:15
inet6 addr: fe80::250:56ff:feba:15/64 Scope:Link

All i was trying to provide IP to eth0 and eth1 through it possible to provide two IP address to eth0 and eth1 both through DHCP.

View 4 Replies View Related

General :: Ifconfig Alias Address Assigned By DHCP

Aug 13, 2010

I would like to create several aliases to eth0, but have the addresses assigned by DHCP instead of being set to static IP's. Is this even possible? All the examples I've seen assign a static IP using the command:
ifconfig eth0:0 up

View 5 Replies View Related

Networking :: Configure Dhcp Server - Ip Is Not Getting Assigned To Client Machine

Nov 1, 2010

i hav configure dhcp server. but the ip is not getting assigned to my client machine.

View 3 Replies View Related

General :: Display Status Of Assigned & Free Ip Addresses In A DHCP Range?

Jul 24, 2010

how to display status of assigned & free ip addresses in a DHCP range assuming that i am working on a DHCP server ?

View 1 Replies View Related

Networking :: Restrict Dhcp Assignment To A List Of Macs?

May 20, 2010

I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration

subnet netmask {
default-lease-time 345600;


I'm trying to restrict dhcp to only provide setting for a list of MAC addresses (about 300 macs) Using the following option is not good to me because I have not a pattern in my clients mac.

class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";


I've try using iptables with following configuration, but XP still getting IP from dhcpd:

iptables -P INPUT DROP


View 2 Replies View Related

Networking :: Restrict DHCP Assignment To List Of Macs

Aug 19, 2010

I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration:
subnet netmask {
default-lease-time 345600;
max-lease-time 691200;
option routers;
option subnet-mask;
option domain-name "";
option domain-name-servers;
option netbios-name-servers;
option netbios-node-type 8;
option broadcast-address;
option ntp-servers;
ddns-updates on;
ddns-update-style interim;

I'm trying to restrict dhcp to only provide setting for a list of MAC addresses (about 300 macs)
Using the following option is not good to me because I have not a pattern in my clients mac.

class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";
pool {
allow members of "private-hosts";

I've try using iptables with following configuration, but XP still getting IP from dhcpd:
iptables -P INPUT DROP
# Full from Localhost to Localhost
iptables -A INPUT -i lo -j ACCEPT
# Full from My PC
iptables -A INPUT -s -j ACCEPT
So I can't limit DHCP for specific macs.

View 8 Replies View Related

Ubuntu Networking :: Assigned Computer A's Static Ip To Computer C Without Changing Dhcp Setting?

Aug 18, 2010

I set up a dhcp server in the lan and assigned static ips to two computers, computer A and B, according to their mac address. Everything was running fine. But when I turned off computer A, connected computer C to the network, and assigned computer A's static ip to computer C without changing dhcp setting. Computer C was able to access the internet. When I turned on computer A, dhcp couldn't assign an ip address to it, and computer C showed an error message of ip conflict and failed to use internet. I wonder if dhcp server is able to prevent other computer from using the same static ip that is already assigned to a computer according to its mac address.

View 5 Replies View Related

OpenSUSE Network :: Samba Security Update / Lost Access To Network

Mar 25, 2010

Installed a security update for samba tonight via Opensuse updater.Now, when trying to access my home network an authentication box pops up (never used to)Asks me to enter authentication for my home network.I enter my username and password and hit enter. After a few seconds the authentication box pops up again askingfor the same indicating I have entered the wrong username / password combination (which I know I have not).

View 9 Replies View Related

General :: Restrict Web Access So *only* Firefox Can Access The Web

Nov 15, 2010

I'm a terrible procrastinator, it's awe-inspiring annoying and stressful. This in combination with being a information-holic makes the Internet fairly lethal to me; I risk failing my college course because of it, so trust me when I say I'm deadly serious about this.

However, I think you guys may be able to help out, and maybe this will also help some people here with similar problems:

Because so much of my time is taken up with Interwebz, I thought to carefully restrict my internet use. It's not prefect, but it's part of a solution.

To date: I have Firefox and the ProCon extension which uses a whitelist of websites I can access. The extension cannot be uninstalled/disabled and I use a long hex password split into 3 parts, two of which my friends have (so I have to ask my friends for the password parts in order to update the whitelist, hence making it socially awkward to fritter away time online).

So far, it has worked a treat and I'm really pleased with it.

However, this is the problem:

I need to restrict web access so *only* Firefox can access the web. That way I cannot use Chrome/Opera, or even (shudder) use wine to run Internet Exploder.

View 6 Replies View Related

Ubuntu :: Localhost Uses Invalid Security Certificate (Self Assigned)

Apr 25, 2009

I just upgraded from Ubuntu 8.10 to 9.04. I installed Webmin 1.470 but when I tried to run it from Firefox 3.09 I got the following message.

localhost:10000 uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer).

Never had this problem with Ubuntu 8.04.

View 9 Replies View Related

Ubuntu Networking :: Remote Access Without A Static/assigned Ip (behind NAT)

Feb 8, 2011

I have 2 ubuntu PCs, which are connected to the internet without an external IP (behind NAT). How can I access one from another?

View 3 Replies View Related

Ubuntu Networking :: Wireless Connection Drops - Access Point Not Assigned

Aug 19, 2010

I have Ubuntu command line only installed on my HTPC (it is XBMC Live installation). Kernel is 2.6.31-16-generic. My wi-fi card is AW-NE770 from AzureWave (mini-pci on Zotac Atom motherboard). I have successfully configured wireless connection to my router. Unfortunately, after short period of time connection drops. When I restart /etc/network/interfaces all goes back to normal. When connection is dropped, iwconfig shows that access point is not assigned. I have already tried installing backport drivers, removing security on the network (WEP and WPA), assigning static IP or using DHCP. Nothing works. I know it is not the router or my internet because I can be at the same time on my laptop and that works fine.

View 1 Replies View Related

Networking :: Separate Assigned IP To Another Network / Sub

Mar 31, 2011

I have been issued 16 IP's my my ISP. Obviously my subnet is 240. is there a way I can take one or any of those IP's and somehow make them into their own network on my end? Really what I am wanting to do is take my 2 DNS servers that are really on the same network far as my assigned subnet and IP's, but take at least one of those IP's and sub-network? it out to the other DNS so it appears to be on another net work. like just simply assign it 192.168.219 or something like that.

View 10 Replies View Related

Security :: Controlling External Network Access Per Processes?

Aug 13, 2010

That would seem like an elementary feature to be able to enable only a few system applications access to the Internet. That would prevent trojans to download your HD for examples. I looked around and played with iptables but I couldn't not find anything that do the job. I loaded the xt_owner kernel for iptables but the --cmd-owner command is lacking. That was my holy grail but could not get --cmd-owner to work. iptables -I OUTPUT -m owner --cmd-owner "firefox" -j LOG --log-prefix "Testing " How can I protect my machine against the enemy within.

OpenSuse 11.2

View 1 Replies View Related

Fedora Security :: Restrict User To Ssh?

Apr 7, 2011

I m new with Fedora 14, and i have a basic business case :

I want to setup a user which should

- only connect to the server with SSH (ex.: no X11 connection).
- cannot change its shell
- cannot do any SU / SUDO command

This user is very similar to a SERVICE user, as I expect him only to run a single program (its shell).

View 7 Replies View Related

Ubuntu Security :: Restrict Users In 9 ?

Apr 14, 2010

I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?

View 1 Replies View Related

Security :: Restrict Cvs Login From Specific IPs

Sep 24, 2009

Need to restrict cvs login from specific IPs

in file /etc/security/access.conf
+ : builduser :

Do not work

when changed to ALL as below it works
+ : builduser : ALL

View 2 Replies View Related

Security :: How To Restrict Permission To Ssh User

Jan 26, 2011

I would like to allow a user to login through SSH but with different permission coming from different ipaddress.

For example, a user "tester" login to SSH through and another user login with the same login id "tester" but from different ip

How do I restrict to only allow for viewing the content in the home directory while giving full access?

View 7 Replies View Related

Security :: Restrict User To One Directory Only?

Jan 6, 2010

Here's the beginning of the issue: I'm running Fedora 12 with httpd and sshd. I want to create a user with a scponly shell for sftp access, but this user should ONLY be able to view /the/http/base/dir and its subdirectories. The user should not be able to see or get into directories above the httpd base. Someone mentioned creating a chroot jail for sshd and binding the httpd base to that dir, but this seems like more work than is necessary for the application I wish. Also mentioned was creating a user, say user1 with a selinux user setting of staff_r. I have read the articles and creating a user of staff_r isn't overly difficult, but how would I make it where staff_r would be restricted to where I want them to be? If I'm not mistaken, that would require changing the context of /the/httpd/base/dir?

View 4 Replies View Related

Security :: Restrict A User On SSH From Everywhere Except One Host?

May 3, 2011

I want to restrict user for SSH Logon, but able to use SFTP.

Also, i like to know how to restrict a user on SSH from everywhere except one host.

View 5 Replies View Related

Ubuntu Servers :: Restrict Access To Particular IP?

Oct 7, 2010

I'm running Ubuntu Server 10.04 32-bit.I'm looking to find if there is anyway I can lock down ubuntu so that remote access, whether it be SSH, ftp, apache.etc can be only accessed from a certain IP range, or a certain set of IPs?Essentially, we'll say the Server IP is, and I want the IP addresses to be able to access the server, but no other IPs.I am in a switched environment, router's are not allowed to be placed on the network, and I do not have access to a DNS or DHCP server.Is there a way to do this in on the server via a configuration of some sort?

View 3 Replies View Related

Copyrights 2005-15, All rights reserved