Hi All,
I'm a student. I'm new to Amahi and relatively new to Linux in general.
I tried searching for the answers to these questions, but couldn't find that. If they are already answered, I do apologize for my bad searching abilities.
On our campus, the bandwidth used by our devices is tracked and we are allotted a certain amount of usage each month. After we go over that, we have to pay per MB used. This only matters for off-campus traffic. For example, if I watch a movie on Hulu, that traffic counts towards my threshold, but accessing the school's internal pages or even direct transfer of files from one on campus computer to another doesn't.
Part of what I would like my Amahi machine to be able to do is act as a file server, but accessible to me anywhere on campus, but not accessible from off campus (to prevent being billed for the off campus usage). Is there a way to limit the range on IP addresses that can be accepted by tunneling into the machine? The school is it's own ISP an has a certain range of IP addresses for on-campus computers. Is there a way to limit the external connection to be accepted if and only if the address lies within a certain range?
Also, here's a basic question about using VPN. In my case, when I use a VPN to access my on-campus machine from another on-campus computer, would the traffic stay within my University's network or would it be directed off campus to some routing server? I was successfully able to access the Amahi machine and transfer files to and from it from an on campus computer, so it works fine. But is that sending data off campus at any point? I didn't think of this while I was on campus before break, or I would have traced a packet's path, and I'm not on campus now to try that. But I'm trying to plan out how this will work when I go back soon.
Thanks
Limit External IP Address Access
Re: Limit External IP Address Access
see here.......
http://linux.about.com/od/commands/l/bl ... ostsal.htm
for simple hosts allow/deny
another way would be to turn the firewall on (iptables) although you would have to do a bit of reading for that
possible best to use webmin if you do so you can see what it's doing via http/s
with both of the above, just limit the range to the private adress range of your campus network eg 10.0.0.1/24
and yes, if you are refering to the vpn client for the hda, your traffic will go out of campus as it uses a dynamic dns.
unless you use the private address to connect which in that case, it will remain within.
not sure how much control you have on the campus or within the campus it guys, but you will always need to know the private address of the hda which i would imagine will be a dynamic lease.
http://linux.about.com/od/commands/l/bl ... ostsal.htm
for simple hosts allow/deny
another way would be to turn the firewall on (iptables) although you would have to do a bit of reading for that
possible best to use webmin if you do so you can see what it's doing via http/s
with both of the above, just limit the range to the private adress range of your campus network eg 10.0.0.1/24
and yes, if you are refering to the vpn client for the hda, your traffic will go out of campus as it uses a dynamic dns.
unless you use the private address to connect which in that case, it will remain within.
not sure how much control you have on the campus or within the campus it guys, but you will always need to know the private address of the hda which i would imagine will be a dynamic lease.
Re: Limit External IP Address Access
lou1z,
Thank you for that information.
I'm just back on campus now, so I will give it a try.
As far as control within the campus IT guys, I actually work for the HelpDesk. Not exactly controlling anything of this matter, but if need be, I can usually get the information I need. For ethernet jacks, they used to assign each person an IP address for a specific device. They did that so that it would be easy for them to track the usage. They've recently switched it, but from what I can tell, they still assign static IP address for each device on each jack, but rotate them when needed within a certain range (i.e. each building has a certain set to be used based on the number of jacks). My router has had the same IP address since when I first moved into this room earlier this year, so I always know the address of the HDA.
Thank you for that information.
I'm just back on campus now, so I will give it a try.
As far as control within the campus IT guys, I actually work for the HelpDesk. Not exactly controlling anything of this matter, but if need be, I can usually get the information I need. For ethernet jacks, they used to assign each person an IP address for a specific device. They did that so that it would be easy for them to track the usage. They've recently switched it, but from what I can tell, they still assign static IP address for each device on each jack, but rotate them when needed within a certain range (i.e. each building has a certain set to be used based on the number of jacks). My router has had the same IP address since when I first moved into this room earlier this year, so I always know the address of the HDA.
Who is online
Users browsing this forum: No registered users and 16 guests