[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] K12OSN Digest, Vol 80, Issue 17



You could modify the iptables rules to block unknown MAC addresses. This will only work if there is no router between the server and clients.  Anybody able to spoof the MAC from a thin client would still have access, however setting this up shouldn't take too long and should serve the purpose of discouraging casual misuse of the thin client network cables.

Here's a link to a discussion on the matter with some examples. I don't have a specific script to recommend.

http://www.linuxquestions.org/questions/linux-security-4/desperate-iptables-block-users-by-mac-address-125661/

Sean 

________________________________________
From: k12osn-bounces redhat com [k12osn-bounces redhat com] On Behalf Of k12osn-request redhat com [k12osn-request redhat com]
Sent: Wednesday, October 27, 2010 9:00 AM
To: k12osn redhat com
Subject: K12OSN Digest, Vol 80, Issue 17

Send K12OSN mailing list submissions to
        k12osn redhat com

To subscribe or unsubscribe via the World Wide Web, visit
        https://www.redhat.com/mailman/listinfo/k12osn
or, via email, send a message with subject or body 'help' to
        k12osn-request redhat com

You can reach the person managing the list at
        k12osn-owner redhat com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of K12OSN digest..."


Today's Topics:

   1. Re: Local apps question (Burke Almquist)
   2. Re: Local apps question (Lewis Holcroft)


----------------------------------------------------------------------

Message: 1
Date: Tue, 26 Oct 2010 18:37:31 -0500
From: Burke Almquist <burke thealmquists net>
To: "Support list for open source software in schools."
        <k12osn redhat com>
Subject: Re: [K12OSN] Local apps question
Message-ID: <506CA108-7F20-40D1-819B-422162628D0E thealmquists net>
Content-Type: text/plain; charset=us-ascii

You could set up your dhcp server to only give out addresses to known clients by mac address, but I guess technically I guess they could still use a static ip, netmask, and gateway.
You'd have to set up a non-transparent proxy if you want to block internet access for PCs.

On Oct 26, 2010, at 12:14 AM, Joseph Bishay wrote:

> Hello,
>
> I hope everyone is well.
>
> I am interested in setting up local apps on Edubuntu.  I understand
> that when I activate the local apps option, one thing I must do is set
> up the server so it transmits the Internet through to the thin clients
> (I am running a two-NIC server setup).
>
> My question is, if someone unplugs the thin client network cable from
> the wall, and plugs in their own laptop, will then then be given an IP
> address by the server and given Internet/network access? If so, is
> there a way to stop this?
>
> Thank you
> Joseph
>
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>




------------------------------

Message: 2
Date: Tue, 26 Oct 2010 20:29:15 -0400
From: Lewis Holcroft <lewis pcc com>
To: "Support list for open source software in schools."
        <k12osn redhat com>
Subject: Re: [K12OSN] Local apps question
Message-ID: <B343EE00-1CF8-4110-B4C5-C9AD91908BDC pcc com>
Content-Type: text/plain;       charset=us-ascii

Assuming you have set up dhcp as below and you still have issues. Depending on your switch and the amount of time you want to spend managing the the issue. You can bind the thin client MAC to the port on the switch. Then have the port only talk to that MAC. This can be done centrally with FreeRadius. While I found this can be done. It was a great deal of effort to get working.  In the end we posted our policy that states you do not unplug stuff and if you do you will be chastised in various ways.

Lewis



On Oct 26, 2010, at 7:37 PM, Burke Almquist <burke thealmquists net> wrote:

> You could set up your dhcp server to only give out addresses to known clients by mac address, but I guess technically I guess they could still use a static ip, netmask, and gateway.
> You'd have to set up a non-transparent proxy if you want to block internet access for PCs.
>
> On Oct 26, 2010, at 12:14 AM, Joseph Bishay wrote:
>
>> Hello,
>>
>> I hope everyone is well.
>>
>> I am interested in setting up local apps on Edubuntu.  I understand
>> that when I activate the local apps option, one thing I must do is set
>> up the server so it transmits the Internet through to the thin clients
>> (I am running a two-NIC server setup).
>>
>> My question is, if someone unplugs the thin client network cable from
>> the wall, and plugs in their own laptop, will then then be given an IP
>> address by the server and given Internet/network access? If so, is
>> there a way to stop this?
>>
>> Thank you
>> Joseph
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN redhat com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>



------------------------------

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn

End of K12OSN Digest, Vol 80, Issue 17
**************************************


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]