[1644] in linux-net channel archive
Re: Linux Router
daemon@ATHENA.MIT.EDU (Craig Schlenter)
Thu Jan 18 23:03:34 1996
Date: Wed, 17 Jan 1996 07:38:52 +0200 (GMT+0200)
From: Craig Schlenter <schz@kidd.co.za>
To: "Manuel M. E. Garcia Jr." <jgarcia@ccpap.admu.edu.ph>
cc: linux-net@vger.rutgers.edu
In-Reply-To: <Pine.A32.3.91.960116230737.21780B-100000@sierra_madre>
On Tue, 16 Jan 1996, Manuel M. E. Garcia Jr. wrote:
> Hello. Our office is using a PC running Linux 1.2.13 which serves as a
> router connecting our LAN to the Internet. I was just wondering if there
> is a way to control what addresses (PC) within our LAN could use the
> router. I was thinking of something like a Tcp wrapper where you could
> easily define addresses which can avail of the machine's services
> (hosts.allow, hosts.deny).
We have an interesting setup in which our internet users pay for our 64K
internet link so we have to only allow certain machines to use the service.
The solution I currently use is to hardcode the ethernet addresses of the
allowed machines and make the other ethernet addresses zero. This is OK
for us because we only need 255 entries in the arp table (/etc/ethers) but
it becomes hairy if you have a larger class of internal addresses. You
will need a kernel >= 1.3.25 for the permanent entries in the arp table to
work but it should not be a hassle to take my two line arp patch from
1.3.25 and feed it back into 1.2.13.
Then just set up an /etc/ethers and put a /sbin/arp -f /etc/ethers
somewhere in your startup scripts. Works like a dream.
--Craig
