Re: help on masquerading

2004-06-29 Thread Kevin Mark
On Tue, Jun 29, 2004 at 04:01:46PM +0545, Ritesh Raj Sarraf wrote:
> On Tue, 29 Jun 2004, Kevin Mark wrote:
>
> > On Tue, Jun 29, 2004 at 02:09:36PM +0545, Ritesh Raj Sarraf wrote:
> > > I think I've got a little confused. For example I hit the following:
> > >
> > > iptables -P FORWARD DROP
> >

Re: help on masquerading

2004-06-29 Thread Ritesh Raj Sarraf
On Tue, 29 Jun 2004, Kevin Mark wrote:
> On Tue, Jun 29, 2004 at 02:09:36PM +0545, Ritesh Raj Sarraf wrote:
> > I think I've got a little confused. For example I hit the following:
> >
> > iptables -P FORWARD DROP
> > iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE
> > xx would be the ha

Re: help on masquerading

2004-06-29 Thread Kevin Mark
On Tue, Jun 29, 2004 at 02:09:36PM +0545, Ritesh Raj Sarraf wrote:
> I think I've got a little confused. For example I hit the following:
>
> iptables -P FORWARD DROP
> iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE
> xx would be the hardware address.
> Now wouldn't he be able to change

Re: help on masquerading

2004-06-29 Thread John Summerfield
Ritesh Raj Sarraf wrote: On Tue, 29 Jun 2004, John Summerfield wrote: You didn't say whose machines they are nor what OS they're running. If they're yours you can lock them down so the users can't do those things. I think, here the issue isn't what OS they'll be running. It's okay if they

Re: help on masquerading

2004-06-29 Thread Ritesh Raj Sarraf
I think I've got a little confused. For example I hit the following:

iptables -P FORWARD DROP
iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE
xx would be the hardware address.
Now wouldn't he be able to change the ip and still be connected because he still has the same hardware mac addre

Re: help on masquerading

2004-06-29 Thread Ritesh Raj Sarraf
On Tue, 29 Jun 2004, John Summerfield wrote:
>
> You didn't say whose machines they are nor what OS they're running. If
> they're yours you can lock them down so the users can't do those things.
>
I think, here the issue isn't what OS they'll be running. It's okay if they run TCP.
> You can ru

Re: help on masquerading

2004-06-29 Thread Hiren
how about limiting on MAC addresses :?
On Tue, 29 Jun 2004, Ritesh Raj Sarraf wrote:
> Hello all,
> I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the internet
> and eth1(192.168.100.x) to my local network customers. I've enabled nat and my
> customers are able to brow

Re: help on masquerading

2004-06-29 Thread John Summerfield
Ritesh Raj Sarraf wrote: Hello all, I have a masquerading server with 2 ethernet cards, eth0(202.52.x.x) to the internet and eth1(192.168.100.x) to my local network customers. I've enabled nat and my customers are able to browse the internet well (My customers are cyber cafe owners). I've limited