  1. #1
    Just Joined!
    Join Date
    Sep 2007
    Posts
    10

    Secure Network


    OK guys, I need help. I have a very small network (let's say x.y.z.0 - x.y.z.255). Now, I do not have any control over the router, but I am in control of the switch that splits the network from one single physical line (wire). I have a bridge firewall between the line and the switch that filters out the intrusion. The way I distribute the IP addresses is through a DHCP server (it's a dynamically static IP), meaning some of the machines I put as static, and the other machines that I trust and control (limited access) are set through DHCP with MAC address.

    Code:
    host LMNOP {
           hardware ethernet xx:xx:xx:xx:xx:xx;
           fixed-address x.y.z.20;
    }
    Now, as you guys know, we can set a subnet in the dhcp.conf
    Code:
    # ip addresses available for everybody
    subnet x.y.z.0 netmask 255.255.255.0 {
           range x.y.z.200 x.y.z.220;
    }

    for IP addresses I have available and that I can give out to people who visit and hook up their computers to browse and do stuff, which we need. But recently someone has been trying to download some illegal stuff (p2p) via that open IP range. Now the way I limit my security outbreak is to trust my users and limit their activity. But how can I control the activity on that IP range? BTW - I do not have any VPN set up, so no authentication process; I don't know how feasible it would be to set one up for such a small network! I do all my stuff via ssh.

    My thoughts:

    1. I can stop service for that range, meaning no range to get IP from but if by any chance the person knows the domain s/he can statically set one ?!?

    Please help. This is not how I would set things up if I had full control over the network, but unfortunately this is how it is. But I also need to secure this network too. So, I am asking for help.

    Thanks in advance.
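
The concern in point 1 above (a visitor setting an address by hand once the open range is gone) can at least be detected by comparing the IP/MAC pairs seen on the wire with what dhcpd is configured to hand out. This is an added example, not part of the original post: 192.0.2.0/24 stands in for x.y.z.0/24, the MAC addresses and observed pairs are constructed, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample; 192.0.2.0/24 stands in for the post's x.y.z.0/24.
DHCPD_CONF = """
host LMNOP {
       hardware ethernet 00:16:3e:aa:bb:01;
       fixed-address 192.0.2.20;
}
# ip addresses available for everybody
subnet 192.0.2.0 netmask 255.255.255.0 {
       range 192.0.2.200 192.0.2.220;
}
"""
# Constructed (ip, mac) pairs, as a neighbour table on the bridge might show them.
# Machines configured by hand would need their own allowlist entries.
SEEN = [
    ("192.0.2.20", "00:16:3e:aa:bb:01"),   # reserved host, correct MAC
    ("192.0.2.20", "00:16:3e:cc:dd:02"),   # reserved address, different MAC
    ("192.0.2.205", "00:16:3e:cc:dd:03"),  # inside the open range
    ("192.0.2.77", "00:16:3e:cc:dd:04"),   # never handed out by dhcpd
]

def parse_dhcpd(text):
    """Return ({fixed_ip: mac}, [(range_start, range_end)]) from dhcpd.conf text."""
    text = re.sub(r"#.*", "", text)  # drop comments
    fixed = {}
    for body in re.findall(r"host\s+\S+\s*\{(.*?)\}", text, re.S):
        mac = re.search(r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;", body)
        ip = re.search(r"fixed-address\s+([\d.]+)\s*;", body)
        if mac and ip:
            fixed[ipaddress.ip_address(ip.group(1))] = mac.group(1).lower()
    ranges = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
              for a, b in re.findall(r"range\s+([\d.]+)\s+([\d.]+)\s*;", text)]
    return fixed, ranges

def classify(ip, mac, fixed, ranges):
    """Label one observed (ip, mac) pair against what dhcpd is configured to lease."""
    ip, mac = ipaddress.ip_address(ip), mac.lower()
    if ip in fixed:
        return "reserved" if fixed[ip] == mac else "mac-mismatch"
    if any(lo <= ip <= hi for lo, hi in ranges):
        return "open-range"
    return "unleased-static"

def audit(conf=DHCPD_CONF, seen=SEEN):
    fixed, ranges = parse_dhcpd(conf)
    return [(ip, mac, classify(ip, mac, fixed, ranges)) for ip, mac in seen]

if __name__ == "__main__":
    for row in audit():
        print(*row)
```

Pairs labelled `mac-mismatch` or `unleased-static` are the ones that bypassed the DHCP assignments and are worth blocking or investigating at the bridge firewall.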

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Maybe you could install a proxy server to control access to the internet? Then set the firewall to redirect all traffic for the web to the proxy before it's allowed to exit.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Linux Guru coopstah13
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    You could also set the proxy up to be the gateway, and only allow outgoing traffic on the firewall to come from the proxy IP address.
