Re: iptables - how would you do this?

From: SEND NO SPAM (spam_at_dodgeit.com)
Date: 07/05/05


Date: Tue, 05 Jul 2005 17:00:11 GMT

martin.woolley@misys.com wrote:
> Greetings and Felicitations,
>
> We run a linux thin client setup with several servers, and we want two
> of these servers to only accept connections from specific clients. On
> these machines, I have set up the following rules via iptables
>
> -A INPUT -s 192.168.0.0/255.255.255.0 -j REJECT
> -A INPUT -s 172.24.0.19 -i eth1 -j ACCEPT
> -A INPUT -s 172.24.0.27 -i eth1 -j ACCEPT
> -A INPUT -s 172.24.0.28 -i eth1 -j ACCEPT
> -A INPUT -s 172.24.0.29 -i eth1 -j ACCEPT
> -A INPUT -m mac --mac-source 00:11:85:E3:C7:39 -j ACCEPT
> -A INPUT -m mac --mac-source 00:11:85:E3:C8:F7 -j ACCEPT
> -A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j DROP
>
> What I think that this should do is
> - reject any connections from the 192.168.0.0 network.

Why REJECT this range specifically? If an IP address is not in an accept
it will not be accepted.

> - accept connections from the 4 specified hosts on the 172.24.0.0
> network.

OK

> - accept connections from the two specified mac addresses (which are
> thin clients)

Don't know about this one

> - reject all other DHCP requests.

Your rule is dropping all "udp" packets to ports 67 & 68, not rejecting them.

>
> However the machine is still issuing i/p addresses in reply to a DHCP
> request. How can we prevent this, bearing in mind that the dhcpd must
> be running for the clients that we want to connect to do just that.

Why are you even using dhcp if you are only accepting 6 connections ???

>
> Thanks
> --
> Regards
> Martin Woolley
> ICT Support
> Handsworth Grammar School
> Isis Astarte Diana Hecate Demeter Kali Inanna
>
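
An added example, not part of the original thread: a small first-match simulation of the eight INPUT rules as posted, showing which rule decides for a few constructed packets. The chain policy is not given in the post, so it is a parameter here (iptables' built-in default is ACCEPT); the packet values and the `verdict`/`matches` helpers are made up for illustration.

```python
import ipaddress

# The eight INPUT rules from the post, in the order they were appended.
RULES = [
    ({"src": "192.168.0.0/24"}, "REJECT"),
    ({"src": "172.24.0.19/32", "iif": "eth1"}, "ACCEPT"),
    ({"src": "172.24.0.27/32", "iif": "eth1"}, "ACCEPT"),
    ({"src": "172.24.0.28/32", "iif": "eth1"}, "ACCEPT"),
    ({"src": "172.24.0.29/32", "iif": "eth1"}, "ACCEPT"),
    ({"mac": "00:11:85:E3:C7:39"}, "ACCEPT"),
    ({"mac": "00:11:85:E3:C8:F7"}, "ACCEPT"),
    ({"proto": "udp", "sport": (67, 68), "dport": (67, 68)}, "DROP"),
]

def matches(rule, pkt):
    """True only if every criterion in the rule matches the packet."""
    for key, want in rule.items():
        have = pkt.get(key)
        if key == "src":
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        elif key in ("sport", "dport"):
            if have is None or not want[0] <= have <= want[1]:
                return False
        elif key == "mac":
            if (have or "").upper() != want:
                return False
        elif have != want:
            return False
    return True

def verdict(pkt, policy):
    """First matching rule decides; otherwise the chain policy applies."""
    for number, (rule, target) in enumerate(RULES, 1):
        if matches(rule, pkt):
            return target, number
    return policy, None

# Constructed sample packets (not from the post).
LISTED_MAC_192 = {"src": "192.168.0.40", "iif": "eth1", "mac": "00:11:85:e3:c7:39", "proto": "tcp", "dport": 22}
DHCP_LISTED = {"src": "0.0.0.0", "iif": "eth1", "mac": "00:11:85:E3:C8:F7", "proto": "udp", "sport": 68, "dport": 67}
DHCP_UNKNOWN = {"src": "0.0.0.0", "iif": "eth1", "mac": "00:00:5E:00:53:01", "proto": "udp", "sport": 68, "dport": 67}
UNLISTED_TCP = {"src": "172.24.0.50", "iif": "eth1", "mac": "00:00:5E:00:53:02", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    for name in ("LISTED_MAC_192", "DHCP_LISTED", "DHCP_UNKNOWN", "UNLISTED_TCP"):
        print(name, verdict(globals()[name], "ACCEPT"), verdict(globals()[name], "DROP"))
```

A listed MAC arriving from 192.168.0.x is rejected by rule 1 before the MAC rules are reached, and the unlisted TCP packet matches nothing, so its fate depends entirely on the chain policy.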


