

Please bear with me if I use incorrect terminology or don't express the problem too well since I'm not an expert on system administration/server maintenance. Let me know/correct me if I do so I can learn and clarify my points.

I have a Linux device, the server, that runs different services on different ports (an HTTP, SSH and FTP server currently, but possibly other servers for other protocols in the future). My friends and I have other devices, the clients, that are running Linux (incl. Android) or Windows, that we'd like to use to access the server's services, as long as both client and server are online on the internet, regardless of whether they're on the same local network. The other caveat is that we'd like to do this securely such that the server can ensure that it's really only me or my friends accessing it, that we can be sure that the server we're connecting to really is the correct server (not some MITM spoofing their identity as the server), and without third parties being able to obtain (too much) meaningful information by sniffing the exchanged packets. I'd also like to restrict my friends' access to only specific services (say, only HTTP and FTP for one friend, only SSH for another, etc.). I have admin access to the server (I can install packages and configure it with unrestricted access) and local network router.

I've thought of configuring nftables on the server to only allow inbound packets from specific IP addresses or devices with specific MAC addresses, but I don't think these are appropriate/adequate. First, because of the constraint that we'd like to be able to connect from outside the local network, so the client devices' IP addresses can change. Second, because I know that MAC addresses can easily be spoofed so I can't use those to ensure that the client devices really are the allowed ones. Third, because these don't address the constraint that third parties shouldn't be able to obtain meaningful information by snooping on the packets (so ideally, the solution should employ some sort of cryptographic protocols to address this).
