On Tue, 2005-11-22 at 21:39 -0800, Mithun Bhattacharya wrote:
>
> --- Sandip Bhattacharya <[EMAIL PROTECTED]> wrote:
>
> > Is there a way to configure Linux to forward packets only if the IP
> > address validates against an IP address-to-MAC table?
> >
> > I have several machines which have privileges based on their IP
> > address, like higher bandwidth, outgoing SMTP, etc. Now it is entirely
> > possible that when any of these machines are down (typically at the
> > end of the day or early morning), someone in the office can statically
> > set their IP address to any of these and enjoy these privileges.
>
> Can't you simply set up an appropriate DMZ, basically a separate
> subnetwork with a proper router in between the LAN and the DMZ, which
> will effectively prevent anyone becoming useful by changing their IP?

If security/abuse is of concern, then another approach would be to
revoke "admin" privileges on all systems, set up DHCP and a local DNS to
give a "fixed" IP address (based on MAC address) to privileged systems
only (see man 5 dhcpd.conf) and a different range of IP numbers to
"junta" systems.

-- 
Arun Khan
Linux is like a wigwam - no gates, no windows, apache inside

_______________________________________________
linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help
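
Added example, not part of the original thread: a check that compares the MAC-to-IP reservations in dhcpd.conf host declarations (`hardware ethernet` / `fixed-address`) against a neighbour table in /proc/net/arp format, and reports reserved addresses answering from a different MAC. The host names, addresses, sample data and function names are constructed for illustration, and the parser assumes simple host blocks without nested braces or comments.

```python
import re

# Constructed sample: host declarations of the kind described in dhcpd.conf(5).
DHCPD_CONF = """
host mailrelay { hardware ethernet 00:16:3e:aa:00:01; fixed-address 192.168.1.10; }
host fastlane {
    hardware ethernet 00:16:3E:AA:00:02;
    fixed-address 192.168.1.11;
}
"""

# Constructed sample in /proc/net/arp format (on a live gateway, read that file).
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:16:3e:aa:00:01     *        eth0
192.168.1.11     0x1         0x2         00:0c:29:bb:00:99     *        eth0
192.168.1.150    0x1         0x2         00:0c:29:bb:00:42     *        eth0
192.168.1.12     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]{17})\s*;")
IP_RE = re.compile(r"fixed-address\s+(\d+\.\d+\.\d+\.\d+)\s*;")

def parse_fixed_hosts(conf):
    """Return {ip: (hostname, mac)} for host blocks that set both values."""
    hosts = {}
    for name, body in HOST_RE.findall(conf):
        mac, ip = MAC_RE.search(body), IP_RE.search(body)
        if mac and ip:
            hosts[ip.group(1)] = (name, mac.group(1).lower())
    return hosts

def parse_arp(table):
    """Return {ip: mac} for completed entries (flag bit 0x2, ATF_COM)."""
    seen = {}
    for line in table.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 4 and int(f[2], 16) & 0x2:
            seen[f[0]] = f[3].lower()
    return seen

def find_mismatches(conf, table):
    """List (ip, hostname, expected_mac, seen_mac) for reserved IPs seen on another MAC."""
    hosts = parse_fixed_hosts(conf)
    return [(ip, hosts[ip][0], hosts[ip][1], mac)
            for ip, mac in sorted(parse_arp(table).items())
            if ip in hosts and hosts[ip][1] != mac]

if __name__ == "__main__":
    for ip, name, want, got in find_mismatches(DHCPD_CONF, ARP_TABLE):
        print(f"{ip} ({name}): expected {want}, seen {got}")
```

Addresses outside the reserved set (192.168.1.150 in the sample) and incomplete ARP entries are ignored, so only reserved addresses seen on an unexpected MAC are reported.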