Re: [opensuse] How to enforce IP's regardless of the clients setup.



Sometimes you don't have the luxury of a perfect network where everyone
is configured exactly how you want.

I use allow and deny statements to put specific MAC addresses into a
specific pool.

I then need to use iptables to use those same MAC addresses and enforce
the IP pool they are in.

This will keep unknown clients from setting a static IP and utilizing
the server as a gateway without registering their computer first.

I believe that using:

/etc/sysconfig/scripts/SuSEfirewall2-custom

I can put in rules like:

iptables -A INPUT -s xxx.xxx.xxx.xxx -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

and setting the default INPUT to DROP will do what I am looking for.

Thanks for the encouragement.
Shawn



On Mon, 2008-05-12 at 16:48 -0400, Sam Clemens wrote:
> With the amount of work it requires to get the mac address
> of a specific machine, why don't you just NOT USE DHCP and
> assign each machine a static address.
>
> Unless you're constantly shuffling their IP addresses by hand,
> that would seem to be the simple, effective solution.
>
> Using DHCP to make static addresses is like driving a
> tractor-trailer truck to borrow a cup of sugar from
> your neighbor.


--
Thanks,
Shawn
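
The per-client rule and default DROP described in this message, generated from a registration list, as an added example that is not part of the original post. The "MAC IP" input format and the function names are assumptions, and the example goes beyond the post's INPUT rule by emitting the same match on FORWARD, the chain that routed (gateway) traffic traverses.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that pin each
# registered MAC to its pool IP. Rules are printed for review, not applied.
# Input on stdin: "MAC IP" per line; blank lines and '#' comments are ignored.

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

gen_rules() {
    seen=" "; bad=0; n=0
    while read -r mac ip rest || [ -n "$mac" ]; do
        case $mac in ''|'#'*) continue ;; esac
        n=$((n + 1))
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        if [ -n "$rest" ] || ! valid_mac "$mac" || ! valid_ip "$ip"; then
            echo "entry $n: malformed, skipped" >&2; bad=1; continue
        fi
        # A MAC or IP listed twice would let two hosts share one identity.
        case $seen in *" $mac "*|*" $ip "*)
            echo "entry $n: duplicate MAC or IP, skipped" >&2; bad=1; continue ;;
        esac
        seen="$seen$mac $ip "
        # INPUT covers traffic to the server itself, FORWARD covers traffic
        # routed through it when it acts as the gateway.
        for chain in INPUT FORWARD; do
            echo "iptables -A $chain -s $ip -m mac --mac-source $mac -j ACCEPT"
        done
    done
    # Policies go last so the ACCEPT rules are in place before default-deny.
    # Loopback and established-connection rules are assumed to exist elsewhere.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    return "$bad"
}

# Constructed sample registrations (documentation addresses, made-up MACs).
gen_rules <<'EOF'
# MAC               IP
02:00:00:00:00:01   192.0.2.10
02:00:00:00:00:02   192.0.2.11
EOF
```

The mac match compares the source address in the Ethernet frame, so these rules only apply to clients on a segment directly attached to the server.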


