  1. #1
    Just Joined!
    Join Date
    Sep 2006
    Location
    Australia
    Posts
    5

    Linux Server for Windows Network


    Hi, I am very new to Linux (I've just installed Ubuntu 6.06 and installed all the updates).

    My purpose for running Linux is to use it as a server for my gaming LANs, which all use Windows. We use a 16 port gigabit switch, which is connected to a router, which traditionally assigned IP addresses. However, I wish to be able to regulate whether people can access the network or not, through the use of a DHCP\DNS host (I think...). However, I am unable to locate such a program. Any help resolving my issue would be much appreciated, as would using language a Linux 'n00b' would understand, as it were.

    EDIT: I have seen a local public LAN using a Linux box to regulate who can access the network, and you only get access after you pay. Does my using a router (to enable internet access) complicate the process?

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,883
    Even if you put together a DHCP and DNS server under Linux that provide these services on a case-by-case basis to the network (this is possible, you can make your DHCP server only provide IP addy's to hosts specified by MAC address) then you won't prevent someone using the network if they specify a static IP address locally.

    If you want to limit traffic from your LAN to the internet, then you can establish firewalling rules by putting your Linux machine as the gateway between the internet and the LAN.

    You could set it up so that:

    - DHCP only provides specific IP addresses to specific hosts identified by network MAC address.
    - DNS only responds to requests from specific IP addresses (ones the machine gives out itself in the MAC address); you can inhibit this using IPtables rules.
    - The machine only provides NAT for the specific IP addresses it gives out, this is configured using IPtables.

    You probably want to get basic services running first - that's DHCP and DNS, followed swiftly by access to the internet. There are several HOWTOs available for this, use Google to find them.

    When that's done, you can start looking at IPtables (again, you can find plenty of HOWTO info with Google). It's not really that complicated, but have a go and come back here with specific questions if things get broken. One little word of advice - don't hack your IPtables rules remotely, you could end up cutting yourself off and have no access...
    Linux user #126863 - see http://linuxcounter.net/

  3. #3
    Just Joined!
    Join Date
    Sep 2006
    Location
    Australia
    Posts
    5
    Thank you very much. I'll try that out. It's not the internet access that I'm concerned about, it's the access to services on the internal network, such as game servers, DC++ servers.

    Using static IPs would require some co-ordination, to prevent doubling up of the IPs.

    Would it be possible to reserve all of the possible IPs of the network range (my particular network uses a 10.1.1.# sequence) to prevent the use of static IPs? That is to say, if someone attempted to use a static IP it would just come up as conflicting with an existing IP and they would be forced to get it from me?

  4. #4
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,883
    You could reserve all the IP's, but if someone were to just ad-hoc pick one and randomly got one that wasn't in use, then you could do little to stop them.

    IPtables can comfortably prevent access to services on your machine based on connection IP address, so while they may be able to push packets onto the LAN, you can prevent them getting a response from your server for anything. It's probably going to be best to take this approach - only authorise clients connecting from addresses you're handing out through DHCP.

    You may want to take a look at some background information on networking and subnets, you may be able to limit access most easily by having a small subnet, made up of only 16 or 32 valid IP addresses.
    Linux user #126863 - see http://linuxcounter.net/
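
The approach from replies #2 and #4 (leases only for known MAC addresses, then firewall and NAT rules that trust only those leased addresses), as an added example that is not part of any post in the thread. The host names, MAC addresses, IPs and interface names `eth0`/`eth1` are constructed assumptions; the script only prints the ISC dhcpd stanzas and iptables commands so they can be reviewed before being applied at the console.

```shell
#!/bin/sh
# Constructed allowlist: host name, MAC address, fixed IP (sample values).
ALLOWLIST='pc-alice 00:11:22:33:44:55 10.1.1.10
pc-bob 66:77:88:99:aa:bb 10.1.1.11'
LAN_IF=eth0       # assumed LAN-facing interface
WAN_IF=eth1       # assumed interface towards the router/internet
SUBNET=10.1.1.0   # the 10.1.1.# range mentioned in the thread

# ISC dhcpd.conf: no dynamic range, unknown clients refused,
# one fixed address per registered MAC.
gen_dhcpd() {
    printf 'subnet %s netmask 255.255.255.0 {\n  deny unknown-clients;\n}\n' "$SUBNET"
    printf '%s\n' "$ALLOWLIST" | while read -r name mac ip; do
        [ -n "$name" ] || continue
        printf 'host %s { hardware ethernet %s; fixed-address %s; }\n' \
            "$name" "$mac" "$ip"
    done
}

# iptables: accept a source IP only when it arrives with the MAC it was
# leased to, NAT only those addresses, drop everything else from the LAN.
gen_iptables() {
    # Replies to connections this machine opened itself.
    echo "iptables -A INPUT -i $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DHCP requests arrive before the client has an address.
    echo "iptables -A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT"
    printf '%s\n' "$ALLOWLIST" | while read -r name mac ip; do
        [ -n "$name" ] || continue
        echo "iptables -A INPUT -i $LAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $ip -j MASQUERADE"
    done
    # A self-assigned static IP matches no pair above and ends here.
    echo "iptables -A INPUT -i $LAN_IF -j DROP"
    echo "iptables -A FORWARD -i $LAN_IF -j DROP"
}

gen_dhcpd
gen_iptables
```

These rules only cover services on the Linux machine and traffic routed through it; hosts talking directly to each other across the switch never reach iptables. The MAC match is also only as strong as the MAC address, which a client can change.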

  5. #5
    Just Joined!
    Join Date
    Sep 2006
    Location
    Australia
    Posts
    5
    Thank You very very much.

    I'm no doubt stretching my great fortune here, but could you possibly suggest a software package that would achieve this for me? I have attempted googling it (Linux DHCP, DHCP freeware linux, etc etc) but I come up with blanks...

  6. #6
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,883
    Hmmm, software packages? Have you tried a Linux distribution? You're heavily into operating system and server territory here.

    You want the DHCP package to do DHCP, BIND for the DNS, and IPtables for the firewalling. You may be able to find a frontend that lets you do this in some comfortable user interface (webmin might be a good choice here) but personally I'd recommend you don't go down this route.

    You're far better off persevering with IPtables and learning to manipulate it from the command line (where you have total control) to ensure your system is properly secured.

    DHCP is largely trivial, I'm pretty sure that there are plenty of UI's for it, webmin again springs to mind.

    DNS is somewhere between the two. You would benefit hugely by configuring it by hand, you'd end up learning everything you needed, but most distros these days come with a DNS server pre-configured and in its own chroot jail, so it's just a matter of manipulating the config; if you can find a UI for that, then it'd probably speed the process up a bit, but you wouldn't learn very much.
    Linux user #126863 - see http://linuxcounter.net/
