On Tue, 29 Jun 2004, John Summerfield wrote: > > You didn't say whose machines they are nor what OS they're running. If > they're yours you can lock them down so the users can't do those things. > I think, here the issue isn't what OS they'll be running. It's okay if they run TCP.
> You can run arpwatchd which will email ou whenever a new host arrives on > your LAN and whenever anyone changes IP. > That's a good option. But it'll be too late if they do such activity at night (when I'm not at office) and use it till my next working day at office. > You can configure DHCPD to serve out IP addresses, require all your > clients to use DHCP. In your configuration you can hard-code IP > addresses for everyone who's authorised to connect and use a dynamic > range for everyone else. You may choose to not route them outside the > LAN, give them IP addresses on a different subnet (they're all on the > same wire) and generally be devious, even to regularly changing the > allowed IP addresses! > I hadn't thought of DHCPD. I'll give a look at it. Thank you. > Google for pebble and nocat. They're wireless kit, but probably useful > to you to. Their purpose is to provide public Internet access and > require everyone to be authenticated. In a free (gratis) environment, > people can decline authentication and be authenticated as anonymous, > with different access rights. > > From what you have said, that could suit you very well. Especially if > you (want to) allow people to bring their wirelss laptops. > > Another gentleman on the debian-isp list provided a better suggestion (as I think). Restricting my customers with MAC address. I think this would be enough for my requirement. iptables -P FORWARD DROP iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE xx would be his mac address. Thanks for all the replies. Ritesh > > >Ritesh > > > > > > > > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
