Re: [leaf-user] Newbie question: Would this setup be possible?

2002-10-30 Thread Sanyarin
You can do better than this if you use a switch that allows head-end restriction of what IP addresses (or MAC addresses; I'm a bit hazy on how this works) can connect to each port, [...] I checked the manuals of the four VH-2402S switches we use and yes, I can restrict the use of a certain port

Re: [leaf-user] Newbie question: Would this setup be possible?

2002-10-30 Thread Ray Olszewski
At 09:51 AM 10/30/02 +0100, Sanyarin wrote: You can do better than this if you use a switch that allows head-end restriction of what IP addresses (or MAC addresses; I'm a bit hazy on how this works) can connect to each port, [...] I checked the manuals of the four VH-2402S switches we use and

Re: [leaf-user] Newbie question: Would this setup be possible?

2002-10-30 Thread Tom Eastep
Ray Olszewski wrote: At 09:51 AM 10/30/02 +0100, Sanyarin wrote: You can do better than this if you use a switch that allows head-end restriction of what IP addresses (or MAC addresses; I'm a bit hazy on how this works) can connect to each port, [...] I checked the manuals of the four

Re: [leaf-user] Newbie question: Would this setup be possible?

2002-10-30 Thread Ray Olszewski
At 08:38 AM 10/30/02 -0800, Tom Eastep wrote: [...] Actually, iptables DOES support filtering by source MAC address and in Shorewall 1.3.10 (Beta available now), it is possible to do exactly what Sanyarin is asking for. Ah, I missed that. So you'd do a series of forward-chain rules something

Re: [leaf-user] Newbie question: would this setup be possible?

2002-10-29 Thread Ray Olszewski
At 02:54 PM 10/29/02 +0100, Sanyarin wrote: [...] - would it be possible to use the same machine that is running the router as a 'public' (for my intranet) place to leave e.g. patches, driver updates or other useful files on? Possible? Yes. Any general-purpose Linux system (e.g., Red Hat,

RE: [leaf-user] Newbie question: would this setup be possible?

2002-10-29 Thread Chris Johnson
Sanyarin, If I needed a solution like you asked about I think I'd look into setting up a second server as a proxy for web and ftp. With a proxy you could (I think) log web and ftp URLs. Combine that with a MAC address and maybe switchport information would give you enough to track down a

RE: [leaf-user] Newbie question: would this setup be possible?

2002-10-29 Thread S Mohan
What you want to do is feasible. Authentication for outgoing traffic if http can be done thro' squid. If you want masq or nat, look at Horatio. It uses authentication for allowing nat/masq in a typical dhcp LAN where each machine's IP is dynamic and hence static IP filtering cannot be applied. It runs