Web Hosting Talk

Prevent users from using your IP's


kevvyau
07-24-2002, 01:37 AM
Is there a way to prevent users from using your IP's on your machine? And only allow certain users to use IP's.

Let's say I have the following IP's routed to the box.

eth0:1 192.168.0.1
eth0:2 192.168.0.2
eth0:3 192.168.0.3
eth0:4 192.168.0.4
eth0:5 192.168.0.5

I have a user called joe. I want to allocate joe an IP address of 192.168.0.2 for his applications. But I do not want him to use the other IP's.

I have a user called jane. I don't want her to access joe's IP of 192.168.0.2 on the box.

Any way of implementing this with iptables? hosts.allow? Any references or samples are appreciated!

chuckt101
07-24-2002, 09:10 AM
In what sense? Web or something like ssh?

If it's for web, DNS/BIND should take care of that.

davidb
07-24-2002, 09:14 AM
Just don't let them run anything in the background, and don't let other IPs resolve their own domain. I mean there is nothing really someone could use that IP for. Unless you have a specific piece of software in mind.

kevvyau
07-24-2002, 10:16 AM
This is a shell server with 256 IP's routed to it. Trying to figure out a way to restrict users from using certain IP's.

jkca
07-24-2002, 10:51 AM
Originally posted by kevvyau
This is a shell server with 256 IP's routed to it. Trying to figure out a way to restrict users from using certain IP's.

On what type of OS, and what services?

For web services, usually the web server binds a domain name to an IP address. For the other services it really depends on whether they allow virtual services or not: some bind to a port and listen on all the IP addresses, and some bind to the ports on specific IP's and map to different accounts. FTP and mail are really popular for doing this.

kevvyau
07-24-2002, 11:06 AM
There are no web services, no bind, no sendmail only SSHD and oidentd. This is a shell server for IRC/IRCD, chatlines, bots etc.

It's running Debian Linux 3. A customer leases an IP address from the server. Another customer may log in and run BitchX and use the customer's IP to IRC. So that's where I'm really stuck. Restricting IP usage from a local user.

davidb
07-24-2002, 11:21 AM
Running that, people taking over other ip's would be my last concern :()

jkca
07-24-2002, 11:29 AM
Originally posted by davidb
Running that, people taking over other ip's would be my last concern :()

Definitely, sounds like your box is getting rooted. Once people have the ability to upload programs and set up sockets to listen on, you have basically lost control of the box; more than likely there is a rootkit somewhere and backdoors in a few places.

kevvyau
07-24-2002, 11:37 AM
The box is not compromised in any way. It's been running for 1 half year. We just upgraded the distribution, done some kernel modifications. Obviously this box has to be secured if we offered irc/eggdrop/shells. So yeah it is secured :)

We just started to give customers their own private vhost. That's where we need to restrict IP usage for local users. Before they could use any of the 200+ IP's they wanted because it was available publicly.
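
Added example, not part of any post in this thread: one way to do what the question asks with iptables on Linux, using the `owner` match in the OUTPUT chain so that packets sourced from a leased address are accepted only from the leaseholder's UID. It assumes a current iptables that supports `--uid-owner` and `--socket-exists`; the chain name `VHOST_OWNER`, the script file name and jane's address are made up for illustration, and the script only prints the rules.

```shell
#!/bin/sh
# Added example: print iptables rules that tie each leased source IP to one UID.
# Review the output, then apply it as root with:  sh vhost-rules.sh | sh
# (vhost-rules.sh is a hypothetical file name)

# Addresses routed to the box (taken from the question's example).
# Leave a shared address out of POOL to keep it open to every user.
POOL="192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5"

# Constructed lease table, one "user ip" pair per line. joe's lease is the
# one in the question; jane's address is an assumption for illustration.
LEASES="joe 192.168.0.2
jane 192.168.0.3"

CHAIN="VHOST_OWNER"   # hypothetical chain name

gen_rules() {
    echo "iptables -N $CHAIN"
    # Sockets owned by root (system daemons) may use any pool address.
    echo "iptables -A $CHAIN -m owner --uid-owner 0 -j RETURN"
    # A leaseholder may send from the leased address, and only from that one.
    printf '%s\n' "$LEASES" | while read -r user ip; do
        [ -n "$user" ] || continue
        echo "iptables -A $CHAIN -s $ip -m owner --uid-owner $user -j RETURN"
    done
    # Every other local socket sending from a pool address is refused.
    # --socket-exists leaves kernel-generated packets (resets, ICMP) alone.
    echo "iptables -A $CHAIN -m owner --socket-exists -j REJECT"
    # Only traffic sourced from a pool address is sent through the chain.
    for ip in $POOL; do
        echo "iptables -A OUTPUT -s $ip -j $CHAIN"
    done
}

gen_rules
```

The rules act on outgoing packets, so a user can still bind to someone else's address, but nothing that user's socket sends from it leaves the box. Daemons that run under a non-root system account need their own RETURN line ahead of the REJECT.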

CyberScript
07-24-2002, 03:07 PM
If you are using FreeBSD you could always use a jail for each user.

Good documentation is here:
http://docs.freebsd.org/44doc/papers/jail/jail.html

I haven't tried it myself but it sounds pretty cool.

Salvia
02-25-2004, 12:01 PM
a