Limiting users who have shell access to use a certain ip

Roger McCalman roger at runcircle.co.uk
Wed Jan 7 14:23:54 GMT 2004


On Wed, Jan 07, 2004 at 10:27:06AM -0000, davidr at skyforge wrote:
> ok, the server will have lots of ip addressees on it. I want to be able to
> limit any users who have shell access to use one ip. Since the other are for
> customers etc.. and i would prefer it if they didnt use those ip addresses

One way would be to use a jail for user which is then retstricted to
1 local ip address i.e. any process that binds to IADDR_ANY (which is
the default on an outgoing connection) will get the jail's IP address. The
downside of this is disk space and admin as each jail would require a
complete set of executables etc.

I have nerver actually used jail so the above is based on my reading the
man page :-)

Cheers, Roger

> 
> I hope that clears things up a little
> 
> 
> david
> ----- Original Message ----- 
> From: "Kevin O'Connor" <kevin at ziptek-technologies.co.uk>
> To: "'davidr at skyforge'" <davidr at skyforge.net>;
> <freebsd-users at uk.freebsd.org>
> Sent: Wednesday, January 07, 2004 1:58 AM
> Subject: RE: Limiting users who have shell access to use a certain ip
> 
> 
> > David can you please clarify, do you want the users to be able to only
> > connect to the shell account from 1 IP address or do you want them to
> > only be able to access the internet from the shell on the FreeBSD box
> > via a specific IP address on the box. If the latter surely it's a simple
> > NAT setup with maybe some firewall rules, if the former just firewall
> > rules.
> > Regards
> > Kevin
> >
> > -----Original Message-----
> > From: freebsd-users-admin at uk.freebsd.org
> > [mailto:freebsd-users-admin at uk.freebsd.org] On Behalf Of davidr at skyforge
> > Sent: 06 January 2004 23:19
> > To: freebsd-users at uk.freebsd.org
> > Subject: Limiting users who have shell access to use a certain ip
> >
> > hi
> >     does any one know a way of being able to limit a group/all users who
> > has
> > shell account to a freebsd server to use a certain ip address when they
> > tried to connect to the internet ? Is what i am saying even possible ?
> > or
> > would  I need a big cisco type router to do such a task
> > --
> > David Richards
> > davidr AT skyforge DOT net
> > http://www.skyforge.net
> >
> >
> > ------ FreeBSD UK Users' Group  -  Mailing List ------
> > http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users
> >
> >
> > ------ FreeBSD UK Users' Group  -  Mailing List ------
> > http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users
> >
> 
> 
> ------ FreeBSD UK Users' Group  -  Mailing List ------
> http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users




More information about the Ukfreebsd mailing list