Networking :: Restrict DHCP Assignment To List Of Macs

Aug 19, 2010

I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration:
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.31 192.168.1.254;
default-lease-time 345600;
max-lease-time 691200;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "lab.com";
option domain-name-servers 192.168.1.12;
option netbios-name-servers 192.168.1.12;
option netbios-node-type 8;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.12;
ddns-updates on;
ddns-update-style interim;
}

I'm trying to restrict dhcp to only provide settings for a list of MAC addresses (about 300 MACs).
Using the following option is no good for me because I don't have a pattern in my clients' MACs.

class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";
}
pool {
range 192.168.1.31 192.168.1.254;
allow members of "private-hosts";
}

I've tried using iptables with the following configuration, but XP is still getting an IP from dhcpd:
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Full from Localhost to Localhost
iptables -A INPUT -i lo -j ACCEPT
# Full from My PC
iptables -A INPUT -s 192.168.1.2 -j ACCEPT
So I can't limit DHCP for specific macs.


Networking :: Restrict Dhcp Assignment To A List Of Macs?

May 20, 2010

I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.31 192.168.1.254;
default-lease-time 345600;

[code]....

I'm trying to restrict dhcp to only provide settings for a list of MAC addresses (about 300 MACs). Using the following option is no good for me because I don't have a pattern in my clients' MACs.

class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";
}

[code]....

I've tried using iptables with the following configuration, but XP is still getting an IP from dhcpd:

iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

[code]....


Networking :: Gateway Assignment And Use Of DHCP Relay Agents + DHRELAY

Jun 22, 2010

I am having some difficulties comprehending some networking concepts relating to multiple subnets and dhcp servers, or dhcp relay servers. I have built home networks many times before, and they have all followed a very simple formula. A single subnet, let's say 192.168.1.0, which is fairly typical for me. My network's DNS server is always also my network's DHCP server. Typically at 192.168.1.1. When a DHCP client broadcasts for an IP over the subnet, 192.168.1.1 (my DNS/DHCP server) will not only tell the client what its new IP is to be, but will also tell the client what its Gateway server is. This is ALSO 192.168.1.1 for me typically.

In this manner, a client broadcasts for networking information and is given a usable IP, and told to use 192.168.1.1 for most other functionality. Very simple. However, I am uncertain how to expand this to other subnets. Say.. 192.168.2.0.

A: I can use a separate DHCP server for each subnet. or B: I can use a DHCP Relay agent for 192.168.2.0 to pass the DHCP requests to the primary DHCP server on the 192.168.1.0 subnet.

Option A is fairly straightforward and I have had it functioning fine, but it is really B I want to know more about. It seems somehow much cleaner to me. I prefer to centralize as much of my network provisioning services as possible. It makes it easier to manage TYPICALLY. My question though is related to Gateways and the use of DHCP Relay Agents....


General :: Why Is NIC Not Taking A DHCP Assignment?

Oct 16, 2010

NIC is connected to a LINKSYS WRT54G running DHCP. There are plenty of available IP assignments. All other PCs that I have connected to the LINKSYS work fine. The CAT 5 cable is fine. Why is this NIC not taking a DHCP assignment?


Security :: IP Assignment To Authorized User Only Through DHCP Server?

Jan 15, 2010

I've a DHCP server in RHEL 5 and 100+ users in my network. I mapped 30 users' MAC addresses to IPs. The rest are getting IP addresses automatically. In my network, users tend to move from one department to another frequently. I've created scopes according to departments (i.e. Dept A - 172.19.54.10-172.19.54.30 and so on for other departments).

1) I want to configure the DHCP server in such a way that a client has to be authenticated by the DHCP server before receiving an IP address.

2) Second, even if the DHCP server has free IPs in scope, only clients whose MACs are mapped should obtain IPs; the rest should not without authentication or authorization.


Security :: Get IP Assignment To Authorized User Only Through DHCP Server?

Jan 21, 2010

A DHCP server in RHEL 5 and 100+ users in my network. I mapped 30 users' MAC addresses to IPs. The rest are getting IP addresses automatically. In my network, users tend to move from one department to another frequently. I've created scopes according to departments (i.e. Dept A - 172.19.54.10-172.19.54.30 and so on for other departments).

1) I want to configure the DHCP server in such a way that a client has to be authenticated by the DHCP server before receiving an IP address.

2) Second, even if the DHCP server has free IPs in scope, only clients whose MACs are mapped should obtain IPs; the rest should not without authentication or authorization.


Security :: Restrict Access To Network To Only Dhcp Assigned Ip's?

Feb 28, 2011

I'm trying to tighten up my network a bit. I've given my dhcp server a list of static MAC addresses and IPs for computers I know, and a very short range of dhcp addresses that are redirected to kittenwar. My dilemma is that if someone has my wireless network password, or an ethernet cable, they could set the IP address manually and gain access. How can I deny them this pleasure? I'm running dhcpd3 and iptables on a debian/lenny intel 2.4 box. dd-wrt is running in a linksys wrt54g and is handling the wireless security.


Fedora Networking :: Macs Can't Follow Sym Link?

Jan 10, 2011

I have what I thought would be a simple issue: I have a Linux server and a bunch of people with Macs on a small business network. I'm trying to set it up so that using AFP, people can access the Linux server and drag and drop files to our test web development server. In each person's home directory there's a sym link to the /var/www/html directory, so that they can easily plop their test files there. I've got the hard part taken care of: AFP works, the Linux server appears on the network, and the Mac users can connect and log in. However, my sym link doesn't show up as a directory inside the Mac Finder... it shows up as an application. I don't know if this is something as simple as a permissions problem or whether I need to do more configuring to get AFP to play nice.


Ubuntu Networking :: DHCP Server No Longer Responses To DHCP Requests - Can't Ping Gateway

Oct 22, 2010

Back in April I set up an Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc. off the 192.168.1.1 /24 network that everything was on because we were running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.

Now 6 months later I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800, but only if I statically assign the agent's station an IP address. When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above, aside from the vlan id's used, which were changed from 1's to 100's (i.e. vlan 3 is now vlan 300). /etc/network/interfaces

Code:

auto lo
iface lo inet loopback
auto vlan100
iface vlan100 inet static

[code]....

why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection, but I don't know how to troubleshoot to find out where the problem lies.


Ubuntu Networking :: DHCP Server No Longer Responds To DHCP Requests - Can't Ping Gateway

Jul 1, 2010

Back in April I set up an Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc. off the 192.168.1.1 /24 network that everything was on because we were running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.

Now 6 months later I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800, but only if I statically assign the agent's station an IP address.

When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above, aside from the vlan id's used, which were changed from 1's to 100's (i.e. vlan 3 is now vlan 300). /etc/network/interfaces

Code:

auto lo
iface lo inet loopback
auto vlan100

[code]....

why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection, but I don't know how to troubleshoot to find out where the problem lies.


Networking :: Configure A (openSUSE) Client To Dhcp To EBox DHCP Server - Lease An IP Address

Mar 25, 2010

I am puzzled with trying to configure a linux (openSUSE) client to dhcp to eBox DHCP server. I am using dhclient to lease an IP address with dhclient eth0 -s 10.45.48.108 and get a response

openSUSE11232CL1 dhclient: DHCPDISCOVER on eth0 to 10.45.48.108 port 67 interval 4
openSUSE11232CL1 dhclient: DHCPOFFER from 10.45.48.108
openSUSE11232CL1 dhclient: DHCPREQUEST on eth0 to 10.45.48.108 port 67
openSUSE11232CL1 dhclient: send_packet: Network is unreachable
openSUSE11232CL1 dhclient: send_packet: please consult README file regarding broadcast address.

The server reports

eBox141 dhcpd: DHCPDISCOVER from 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
eBox141 dhcpd: DHCPOFFER on 10.45.200.2 to 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0

I interpret this as the server receiving the request and the client accepting it, but the lease does not last long and the connection breaks. What could this be, and why does the connection break? Or is my understanding of how it works and should work totally wrong? And BTW, where is that README file that's referenced in the message I receive on the client?


Ubuntu Networking :: If DHCP Not Available - Fallback And Start DHCP Server?

Mar 8, 2010

Currently I have my eth0 interface getting a DHCP address but at times the DHCP server will not be reachable. Sooo what I would like my server to do is, if it cannot find a DHCP server, assign a static address to eth0. Then start the DHCP service so it can then dish out some addresses. How can I do this? Surely it is possible.


Ubuntu :: Mouse Rainbow Circle On Macs?

Nov 20, 2010

Has anyone seen the mouse rainbow circle on Macs? I saw one in an Ubuntu derivative. What program has that in it? My mouse does an hourglass, Macs have a rotating rainbow circle.


General :: Osx - Keep Folders Synced And Backed Up Between Two Macs Using A NAS (rsync)

Sep 16, 2011

I've got two primary computers, one Mac Pro and one MacBook Pro for when I'm on the go. I've also got a Linux server which also acts as NAS. Currently I back up the entire computers to an external drive with Time Machine, which is rather useless and doesn't sync anything. What I really want to do is to keep my important files synced between both computers and my NAS (which is running RAID 5); that way I'm not backing up easily replaceable system files and I've got all my important files in 3 places where two of them are running raid, so at least 5 drives would have to crash at the same time before actual data loss occurs.

The folders I want to keep synced are basically my photo, documents, development, mamp and work folders, and then I want to keep the user library folder backed up but not synced. I'm thinking that I'd have to use rsync but don't know how. Before suggesting Dropbox and similar suggestions, I don't want to use them for several reasons, some of them being security (Dropbox obviously proved this), speed (sometimes I'll sync gigabytes of data and that will be significantly faster locally and probably even through VPN as I have a Gigabit pipe), space (space on my NAS is cheap and only practically limited by my needs), reliability (even if my internet were to go down I still need to be able to keep my files synced in case I'd need to go somewhere on the fly), price (I already have all the hardware and for the amount of gigabytes and bandwidth I'd need I doubt that there's any free or cheap service). Those are my main reasons for wanting to keep it local.


General :: Can Kernel And Distros Able To Do That Macs And Windows Computers Can't

Aug 25, 2010

What are the linux kernel and linux distros able to do that Macs and Windows computers can't? Also, are there some things that freebsd and solaris can do that others can't (you don't have to answer this one)?


Hardware :: Run System On Macs Without Any Additional Configuration Such As Boot?

Feb 17, 2011

Is it possible to run Linux on Macs without any additional configuration such as Boot Camp/etc?

I have a SATA storage device that presents a GUI to the user in a simple Linux installation, and ideally it should be platform independent, i.e. boot up into the GUI on all platforms. I'm mostly having success on various PCs; however, it's not booting up on a Macbook Pro that I have. AFAIK the MBPs and all modern Mac systems use EFI rather than BIOS, could this be the problem?


Networking :: Samba Read List And Write List

Mar 12, 2011

I am working for a community where several people are engaged in 4 different development projects. We are planning to have a samba server to store our data. Now the problem is that I have created a share in which @groupa, @groupb and @groupc are allowed to read and write. But three of the members of @groupb are only allowed read permission.


Ubuntu Networking :: Restrict VPN To Certain Ports?

May 12, 2010

I'm trying to VPN in somewhere and it doesn't like any outbound connections. I'm doing this for RDP, so can I somehow restrict the VPN connection to only be using the RDP port?


Networking :: Restrict Ssh Sessions To A Specific Ssh Client?

Feb 27, 2009

I am looking at ways in which I can restrict SSH session requests to those coming from a specific SSH client (say Putty or NX Client). Is it possible to restrict SSH client login to a client application?


Networking :: Using TC And IPtables To Restrict Download Speed

Sep 17, 2010

I'd like to use tc and iptables to restrict the download speed. I understand this is known as policing. Are there some resources I could use to learn how to do this? I want to restrict on a per-IP basis.


OpenSUSE Install :: Starting From External USB Storage Device (Intel Based Macs)

Dec 17, 2010

So my aim is to install openSUSEx64 11.3 onto my Macbook; but for whatever reason, upon boot-up, the system won't recognize the USB thumb drive with the expanded image of openSUSE on it. I followed steps in Terminal to expand the image onto the said USB stick and know it worked properly because Terminal said "Process Completed." Do I need a special type of USB thumb drive or am I missing something? I am using a late-2009 Macbook. By the way, these were the steps used to prep the USB thumb stick:

1. Open a Terminal (under Utilities)
2. Run diskutil list to get the current list of devices
3. Insert your flash media
4. Run diskutil list again and determine the device node assigned to your flash media (e.g. /dev/disk2)
5. Run diskutil unmountDisk /dev/diskN
6. Execute sudo dd if=/path/to/downloaded.img of=/dev/diskN bs=1m
7. Run diskutil eject /dev/diskN and remove your flash media when the command completes


Networking :: How To Restrict One OS In Multi-Boot Machine From Web Access

Jul 1, 2010

How do I do this at my modem page?


Networking :: Restrict One OS In Multi-boot Machine From Web Access?

Jul 1, 2010

Anybody know how to do this, IN MY MODEM PAGE? This is the best I can copy my modem config page code...


CentOS 5 Networking :: How To Restrict Ethernet Port Speed

Jul 6, 2010

I have a server in a colocation environment where I'm allotted 25Mbps. I'd like to avoid exceeding that for obvious reasons. Is there a way I can set the link speed or at least throttle the bandwidth for all services?


Ubuntu Security :: Using Apparmor To Restrict Networking To Specific Ports?

Jun 12, 2011

Perhaps it is my misinterpretation of AppArmor, how can it be configured to restrict TCP or UDP traffic to/from specific ports?

The profile "abstractions/nameservice", under the section "# TCP/UDP network access", doesn't seem to lock the application to port 53. What am I missing? Restriction to specific ports is something that systrace can do so I'd expect nothing less from AppArmor.


Networking :: Squid And Firewall Settings - Restrict To Local Client?

Mar 3, 2011

I have configured squid for my LAN. My LAN has three redhat 5.3 web servers. Now, by using the proxy server, I wish to give external clients access to my web servers and restrict local clients from accessing the WAN through port 80.


Fedora Networking :: Cbq - Restrict Upload Speed From Ftp Server To Internet (eth1)

Dec 1, 2009

I have a Fedora 11 system and cbq.init-v0.7.3 in it. Now I want to restrict upload speed from my ftp server to Internet (eth1). According to docs I've made a simple file /etc/sysconfig/cbq/cbq- 00.inet_upload_restrict:

DEVICE=eth1,100Mbit,10Mbit
RATE=800Kbit
WEIGHT=80Kbit
PRIO=5
RULE=:20,

So as you can see I want to limit outbound traffic on eth1 from my ftp port 20 to any to the 800Kbit/s (100Kbyte/s). Now I do cbq start, it says: find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.

find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments. but it starts and works. Now I check the speed and it is...


Server :: Restrict Some Website (Social Networking) Through Newly Configured Squid Proxy?

Feb 2, 2011

I want to restrict some sites (social networking) through my newly configured squid proxy. But it always allows those sites. How do I block those sites? My squid.conf file is configured as follows:

#Recommended minimum configuration:

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

[coder].....


Programming :: Objects And Assignment In Interpreter?

Feb 9, 2011

I have it so that an Env object contains all the variables in the current scope, and the parent scope. You can also save them to variables like objects, and my idea is to use the "." operator to get values from them.

First, how do I assign to them? I currently have it that only a variable name can be assigned to, but you should be able to assign to an "obj.value" expression, too. How do I keep track of what variable to set and still be able to say it in an expression and have it evaluate to the variable?

Second, these objects don't really have a "type", they're just containers that contain any values you want under any name you want. How can I, for example, define a primitive "boolean" object and have things like if statements recognize it?


Programming :: An Assignment: Writing A Bash Script

Oct 2, 2010

I have an assignment to write a bash script and I have to submit it the day after tomorrow. I do not have the experience to finish it by myself. I really need help, if anyone can contact me on my email I will be thankful to him/her.
