[1902] in linux-security and linux-alert archive
[linux-security] Re: Ethernet card addr <-> IP
daemon@ATHENA.MIT.EDU (Jon Lewis)
Fri Jun 19 02:53:39 1998
Date: Wed, 17 Jun 1998 17:26:41 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Richard Hakim <richard@kokoro.com>
cc: linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.96.980616175000.1160A-100000@kokoro>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Tue, 16 Jun 1998, Richard Hakim wrote:
> Someone I'm working with has a requirement to map ethernet card addresses
> to unique IP addresses, and then have a Linux IP masquerade server know of
> this mapping list and not allow any data to pass from any ethernet card
> that a) it doesn't know about, or b) isn't assigned the right IP. Ideally
> it would also log this condition.

Hardwire the arp table with arp -s for each card/address. Use ipfwadm to
allow input on eth0 from the known addresses, and deny with logging input
from any other IPs.

Shouldn't be at all difficult.

Here's another IP Masq question. Has anyone ever set up a Masq gateway
such that depending on the remote address, either masquerading or routing
is done? I think I can do this by having accept forwarding rules for a
few remote destinations and a masq rule for all others (0.0.0.0/0).
Shouldn't be a problem...I just wonder if it's been done.

------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Spammers will be winnuked or
Network Administrator | drawn and quartered...whichever
Florida Digital Turnpike | is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
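
The static-ARP plus ipfwadm setup described in the reply above, as an added example that is not part of the original post: a script that validates a MAC/IP list and prints the matching commands without running them. The addresses, the list format and the function names are constructed for illustration; eth0 is the interface named in the reply.

```shell
#!/bin/sh
# Added example: print (not run) the arp and ipfwadm commands for a MAC/IP list.
IFACE="${IFACE:-eth0}"   # assumption: inside interface, eth0 as in the reply

# Constructed sample mapping: "<MAC> <IP>" per line, '#' starts a comment.
SAMPLE_MAP='# constructed sample data
00:60:08:aa:bb:01 192.168.1.10
00:60:08:aa:bb:02 192.168.1.11'

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads the mapping on stdin. Emits nothing unless every entry is valid and
# no MAC or IP appears twice, so a bad list never yields a partial rule set.
gen_rules() {
    seen=" "; out=""
    while read -r mac ip rest; do
        case "$mac" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_mac "$mac" || ! valid_ip "$ip"; then
            echo "bad entry: $mac $ip $rest" >&2; return 1
        fi
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        case "$seen" in *" $mac "*|*" $ip "*)
            echo "duplicate MAC or IP: $mac $ip" >&2; return 1 ;;
        esac
        seen="$seen$mac $ip "
        out="${out}arp -s $ip $mac
ipfwadm -I -a accept -W $IFACE -S $ip/32
"
    done
    printf '%s' "$out"
    # Everything else arriving on the inside interface: deny and log (-o).
    echo "ipfwadm -I -a deny -W $IFACE -S 0.0.0.0/0 -o"
}

printf '%s\n' "$SAMPLE_MAP" | gen_rules
```

ipfwadm matches on source IP only; the static ARP entries are what tie each IP to one card, because the gateway sends replies for that IP only to the pinned MAC. The -o logging takes effect only on kernels built with CONFIG_IP_FIREWALL_VERBOSE.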