Sorry, Maybe I did not explain it well enough. The remote IP stays the same for all users loggin in (there is only one dial-in port)
The route table has to change according to the user, not by the remote IP. The only means I have of Identifying which user is logging in is the Login Name. If it were a different IP then, not a problem, I have done it on other nodes. The modem dialin line gets IP 12.45.67.89 This never changes, and any one of half a dozen people can use it. This is routes out onto node 192.168.1.127 on eth0 Only one user is permitted to get to machine 192.168.1.1 Can ip-up identify a user ?... or can you specify a different ip-up for each user ? Ian ---------- ---------- > From: Craig Sanders <[EMAIL PROTECTED]> > To: Ian Perry <[EMAIL PROTECTED]> > Cc: debian-user@lists.debian.org > Subject: Re: Modifying Routing Tables on the fly > Date: Monday, 2 March 1998 19:24 > > On Mon, 2 Mar 1998, Ian Perry wrote: > > > I am trying to modify a route table dependant on which user logs in through > > a dial-up connection. > > viz: route add 192.168.1.1 eth0 > > > > I have already got > > > > route add -net 192.168.0.0 netmask 255.255.0.0 lo > > to stop other users getting to the local network (other than what they are > > supposed to) > > this is what the /etc/ppp/ip-up script is for. > > e.g. > > ---cut here--- > #!/bin/sh > # > # $Id: ip-up,v 1.1 1997/12/16 11:37:26 phil Exp $ > # > # This script is run by the pppd after the link is established. > # It should be used to add routes, set IP address, run the mailq > # etc. > # > # This script is called with the following arguments: > # Arg Name Example > # $1 Interface name ppp0 > # $2 The tty ttyS1 > # $3 The link speed 38400 > # $4 Local IP number 12.34.56.78 > # $5 Peer IP number 12.34.56.99 > > case "$5" in > 192.168.0.1) route add ..blah... ;; > > 192.168.0.2) ipfwadm -I ...... ;; > > 192.168.0.3) blah blah blah > blah line 2 > blah line 3 ;; > esac > ---cut here--- > > this example executes the "route add...." command if (and only if) the > remote IP address is 192.168.0.1. > > it also has demonstrates a special ipfwadm (firewall/packet filter) > rule for 192.168.0.2. e.g. say you have a service running on one > of your machines which your users have to pay extra to get access > to...actually, you'd probably do this based on user name rather than IP > address - you could use $2 (the tty) to lookup the user name. you'd use > /etc/ppp/ip-down to delete the ipfwadm rule when the interface died. > > the third case shows that multiple script lines can be executed for any > case - ";;" is used to end the case. > > > > > > I have set up the user's login shell to run the file to add the route and > > ip-down to remove the route. > > this wont work. > > > I get the error message: > > > > SIOCADDRT : Operation not permitted. > > > > I gather this is because the user is not root. > > yep. > > > > Is there a way to safely change the routing table dependant on who logs in > > ? > > > > Any help would be appreciated. > > /etc/ppp/ip-up is executed whenever a ppp interface goes up, and > /etc/ppp/ip-down is executed whenever a ppp interface goes down. These > files are often shell scripts, but they don't have to be....write them > in perl or C or whatever you like. > > the debian ppp package comes with a sample script (similar to the > example above) which doesn't do anything. > > > craig > > -- > craig sanders -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
