2009/9/21 Jerry Vonau <jvo...@shaw.ca>:
> Don't hand out the gateway address from the dhcp server? Limit access to
> the net based on the mac addresses of OXs that are known to the XS
> maybe? Cron script to change the iptables rules outside of school hours
> maybe? Tell us what you would like to accomplish, the ideas will come.

Not yet completely clear in my head, but along the lines of pulling
the MAC address when users log in successfully to Moodle (which can
only happen after registration). Those MAC addresses are then
whitelisted with iptables, or the proxy or both.

There are a few curly aspects that would need to be resolved there,

 - it has to allow access to services _on the XS_ to all IPs
 - it has to work with and without proxy
 - we can feed rules to iptables quickly, but our current proxy is
   *very* slow to restart
 - other issues I haven't thought about yet...

Having Moodle & proxy knowing the MAC-IP-Username mapping does give us
some control down the road in terms of logging too.

This is, btw, fully post-dhcp. We would read the current leases DB
from dhcp to map MAC-to-ip, but I want to avoid tricks that involve
dhcp because they usually depend on very short leases on the
"restricted" side, which means markedly increased dhcp traffic, which
in turn is broadcast. And we got to minimise broadcast as it's murder
on 802.11a/b/g/s..

Jerry, do you think these are reasonable?

cheers.



m
-- 
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff
 - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
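
An added sketch of the approach proposed in the message above (not code from the thread or from the XS project): map the IPs of logged-in Moodle users to MACs through the DHCP leases file, then build the iptables whitelist. Assumptions: the leases are in ISC dhcpd.leases syntax, the chain name `XS_WHITELIST` is hypothetical, the set of logged-in IPs is supplied by Moodle, and the chain is jumped to from FORWARD only, so services on the XS itself stay reachable from all IPs.

```python
import re

# Constructed sample in ISC dhcpd.leases syntax (assumed DHCP server format).
SAMPLE_LEASES = """\
lease 172.18.0.10 {
  binding state active;
  hardware ethernet 00:17:c4:0a:1b:2c;
}
lease 172.18.0.11 {
  binding state free;
  hardware ethernet 00:17:c4:0a:1b:2d;
}
lease 172.18.0.12 {
  binding state active;
  hardware ethernet 00:17:C4:0A:1B:2E;
}
"""

LEASE_RE = re.compile(r"lease\s+(\d{1,3}(?:\.\d{1,3}){3})\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2});", re.I)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)  # skips "next binding state"

def active_leases(text):
    """Return {ip: mac} for active leases; a later entry for an IP overrides an earlier one."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        mac, state = MAC_RE.search(body), STATE_RE.search(body)
        if mac and state and state.group(1) == "active":
            leases[ip] = mac.group(1).lower()
        else:
            leases.pop(ip, None)  # lease was released or expired after an earlier entry
    return leases

def forward_rules(leases, logged_in_ips, chain="XS_WHITELIST"):
    """Build iptables argv lists for a chain hooked from FORWARD (hypothetical chain name)."""
    rules = [["iptables", "-F", chain]]
    for ip in sorted(logged_in_ips):
        mac = leases.get(ip)
        if mac is None:
            continue  # no active lease for this IP: nothing verifiable to whitelist
        rules.append(["iptables", "-A", chain,
                      "-m", "mac", "--mac-source", mac, "-j", "ACCEPT"])
    rules.append(["iptables", "-A", chain, "-j", "DROP"])
    return rules
```

The MAC regex doubles as input validation, so only well-formed addresses ever reach an iptables argument list. Flushing and refilling the chain is not atomic; the rules could instead be rendered for `iptables-restore` if that gap matters.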