From: Erik A. Widholm (erik.widholm@moody.edu)
Date: Fri May 14 2004 - 09:19:43 CDT
We have an interest in the IP Tables thingy, as well as the LDAP tie-in.
Do you still have it available?
> > -----Original Message-----
> > From: owner-netreg@southwestern.edu
> > [mailto:owner-netreg@southwestern.edu] On Behalf Of Ole Craig
> > Sent: Friday, April 30, 2004 12:19 PM
> > To: netreg@southwestern.edu
> > Subject: NetReg: iptables instead of DNS
> >
> >
> > (or maybe in addition to DNS.)
> >
> > We're deploying netreg with LDAP-based authorization to
> > automate what has previously been a manual registration
> > process. One of the "threats" which we were tasked to try and
> > protect against was that of a somewhat-knowledgeable person
> > bypassing the netreg DNS view with manual DNS server
> > settings. (This is a computer science department, after all. :-)
> >
> > The solution I came up with is a perl script that
> > manipulates an iptables chain in the nat table, such that
> > unregistered MACs can't get packets off the private LAN --
> > all packets coming from an unregistered MAC get redirected to
> > the gateway netreg box. This seems to work quite well, and
> > was not difficult to integrate into netreg. Anyone have any
> > interest in such a thing?
> >
> > Ole
> > --
=======================================
Erik A. Widholm
System Administrator (UX)
Moody Bible Institute
820 N LaSalle Blvd
Chicago, IL 60601
312.329.4249
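
The redirect Ole describes above, sketched as an added example; it is not part of the original thread and is not Ole's perl script. A POSIX shell function turns a list of registered MACs into an `iptables-restore` ruleset for a nat-table chain. The chain name `NETREG`, the address 192.0.2.1 and the MAC list are constructed assumptions.

```shell
#!/bin/sh
# Added example: build a nat-table chain that lets registered MACs through
# and sends every other packet to the NetReg box.
# Assumed usage: load the output with `iptables-restore --noflush`, and hook
# the chain once from PREROUTING on the LAN side:
#   iptables -t nat -A PREROUTING -i <lan-if> -j NETREG

CHAIN="NETREG"   # hypothetical chain name

# netreg_ruleset NETREG_IP   (registered MACs on stdin, one per line)
netreg_ruleset() {
    netreg_ip="$1"
    # Loose sanity check: the address may contain digits and dots only.
    case "$netreg_ip" in
        ''|*[!0-9.]*) echo "bad NetReg IP: $netreg_ip" >&2; return 2 ;;
    esac
    seen=" "
    printf '%s\n' "*nat" ":$CHAIN - [0:0]"
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop comments and whitespace, upper-case hex, accept '-' separators.
        mac=$(printf '%s' "${line%%#*}" | tr -d '[:space:]' \
              | tr 'abcdef-' 'ABCDEF:')
        [ -z "$mac" ] && continue
        # A malformed entry is skipped, so it never becomes a RETURN rule
        # and cannot make iptables-restore reject the whole file.
        if ! printf '%s\n' "$mac" \
             | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$'; then
            echo "skipping malformed MAC: $line" >&2
            continue
        fi
        case "$seen" in *" $mac "*) continue ;; esac   # de-duplicate
        seen="$seen$mac "
        # Registered MAC: leave the chain, packet is routed normally.
        printf '%s\n' "-A $CHAIN -m mac --mac-source $mac -j RETURN"
    done
    # Default: anything not matched above is rewritten to the NetReg box.
    printf '%s\n' "-A $CHAIN -j DNAT --to-destination $netreg_ip" "COMMIT"
}

# Constructed sample registrations (not real hosts).
netreg_ruleset 192.0.2.1 <<'EOF'
00:11:22:33:44:55
00-aa-bb-cc-dd-ee   # lab host, dash-separated
not-a-mac
EOF
```

Because the final rule is the catch-all, an empty or unreadable registration list leaves every host redirected to the registration box rather than letting traffic out.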
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:45 CDT