[Server-devel] Filtering and authentication

John Watlington wad at laptop.org
Mon Apr 27 11:43:18 EDT 2009


On Apr 27, 2009, at 11:18 AM, Reuben K. Caron wrote:

> Anna wrote:
>> On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron  
>> <reuben at laptop.org> wrote:
>>
>> As far as limiting the internet connection to authorized XOs,  
>> that's an
>> issue we're probably going to run into at some point once we  
>> broaden the XS
>> deployment.  So far at the pilot school, the staff members connect  
>> to the
>> internet with their personal laptops and iPhones, but I haven't  
>> really heard
>> any complaints of abuse yet.
>>
>> If your deployment is relatively small, it should be easy enough  
>> to add the
>> hardware addresses of the trusted XOs to dhcpd.conf and disallow  
>> unknown
>> machines (or play pranks on them as suggested at
>> http://www.ex-parrot.com/~pete/upside-down-ternet.html).
>>
>> Anna Schoolfield
>> Birmingham
>
> While not all encompassing you could also attempt to drop dhcp  
> requests
> that do not come from 00:17:c4 using something similar to:
>
> http://ubuntuforums.org/showthread.php?p=4191756

Please do not take this approach.   It sounds quick, easy, and  
foolproof,
but will lead to problems in the future.    (I almost suggested it,  
but decided
the cons outweighted the pros.)

For example, what if you get an XO-1.5 in the mix ?  It won't work,  
and will
be difficult to debug.   You also disallow other laptops (teachers,  
etc.) from
being in the network...

wad





More information about the Server-devel mailing list