OK Guys I need help. I have a very small network (lets say x.y.z.0 - x.y.z.255). Now I do not have any control over the router. But I am in control of the switch that splits the network from one single physical line (wire). I have a bridge fire wall between the line and the switch that filters out the intrusion. The way I distribute the IP addresses is through a dhcp server (its a dynamically static IP), meaning some of the machines I put as static and the other machines that I trust and control (limited access) are set thru the dhcp with MAC address.
Not as you guys know we can set a subnet in the dncp.conf
Code:
# ip addresses available for everybody
subnet x.y.z.0 netmask 255.255.255.0 {
range x.y.z.200 x.y.z.220;
}
for IP addresses I have available and that I can give out to people who visit and hook up their computer to browse and do stuff, which we need. But recently someone has been trying to download some illegal stuff (p2p) via that open IP range. Now the way I limit my security outbreak is to trust my users and limit their activity. But how can I control the activity on that IP range? BTW - I do not have any VPN setup so no authentication process, I dont know how feasible it would be to setup one for such a small network! I do all my stuff via ssh.
My thoughts:
1. I can stop service for that range, meaning no range to get IP from but if by any chance the person knows the domain s/he can statically set one ?!?
Please help. This is not how I would set things up if I had full control oner the network but unfortunately this how it is. But I also need to secure this network too. So, I am asking for help
Stopping P2P networks is actually kind of tough. There are some extensions to Linux iptables (called "iprope" I think) that, for instance, allow you to filter packets on application-level data. But other than filtering ports, it's kind of difficult. You can also do BANDWIDTH limiting on the router. You don't disallow the data flow, you just tax it. Look at "packet shaping" techniques for your firewall to see if that helps. On Linux, for instance, you can use the iptables to flag a certain port range, and then the packet shaping restricts all such flagged connections to, say, 300 bps.
My son does homework on a school laptop. I was thinking about setting up a gateway on my home network, so that I can monitor web traffic and know if he is doing his homework without standing over his shoulder. Ideally I would like to use the Raspberry Pi Model b that I already have. However, I... (15 Replies)
Hi,
I have 2 machines in production environment:
1. redhat machine for application
2. DB machine (oracle)
The application doing a lot of small read&writes from and to the DB machine.
The problem is that after some few hours the network from the application to the DB becomes very slow and... (4 Replies)
I've one Netra 240
After changing main board and system configuration card reader, Network is not accessible any more, Network interfaces are always UP and Running even when there is no cable connected to Network interfaces.
I tried to restart and plumb/unplumb with no luck.
ifconfig -a... (7 Replies)
Hi,
I'm a italian student. For my thesis I develop a gateway with protocol 6lowpan.
For that I must access to network interface to develope my personal stack based on standard 802.15.4.
Can you help me? I need an explanation for that. (0 Replies)
i need to configure a zone to use different interface (bge2) than global and have connected to completely different network switch & to use its own defaultrouter and hosts file .. is it possible ..if so ..how ?
Thanks (9 Replies)
hello i have a ubuntu ssh server that i can acess from any of my comnputers but only if they are on the same wireless network as the server. i tested trhis my tehtehring my samsung blackjack to my windows partition and installing openssh to windows it works when windows is on the wireless but no... (1 Reply)
I am developing a Network Appliation to monitor computers in a network.
Specs are
App monitors the current web page viewed in each system
App also can shutdown the computer in the network
App can show all process run by each computer in the network
I am now confused how to start my... (2 Replies)
I am using shell script to do secure ftp. I have done key file setup to do password less authentication. Following are the FTP Details:
FTP Client has Sun SSH.
FTP Server has F-Secure.
I am using SCP Command to do secure copy files. When I am doing this, I am getting the foll error
scp:... (2 Replies)
01-21-2009
