[CentOS] IPTABLES rule for separating users

erikmccaskey64 erikmccaskey64 at zoho.com
Sat Mar 5 08:58:29 UTC 2011


I have an OpenWrt 10.03 router [ IP: 192.168.1.1 ], and it has a DHCP server pool: 192.168.1.0/24 - clients are using it through wireless/wired connection. Ok!


Here's the catch: I need to separate the users from each other.


How i need to do it: by IPTABLES rule [ /etc/firewall.user ]. Ok!


"Loud thinking": So i need a rule something like this [on the OpenWrt router]: 


- DROP where SOURCE: 192.168.1.2-192.168.1.255 and DESTINATION is 192.168.1.2-192.168.1.255


The idea is this. Ok!


Questions! 
- Will i lock out myself if i apply this firewall rule?
- Is this a secure method? [ is it easy to do this?: hello, i'm a client, and i say, my IP address is 192.168.1.1! - now it can sniff the unencrypted traffic! :( - because all the clients are in the same subnet! ]
- Are there any good methods to find/audit for duplicated IP addresses?
- Are the any good methods to find/audit for duplicated MAC addresses?
- Are there any good methods to do this IPTALBES rule on Layer2?:
`$ wget -q "http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/" -O - | grep -i ebtables`
`$ `






p.s.: The rule would be [is it on a good chain?]: 
iptables -A FORWARD  -m iprange --src-range 192.168.1.2-192.168.1.255 --dst-range 192.168.1.2-192.168.1.255 -j DROP


Thank you!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110305/580eb8ec/attachment.html>


More information about the CentOS mailing list