LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-03-2008, 05:25 AM   #1
shipon_97
Member
 
Registered: Oct 2005
Location: Bangladesh
Posts: 490

Rep: Reputation: 30
Bind IP address using MAC


Dear Friends ,

I want to Bind the Host IP address with MAC address using squid in Linux 4.0 . Is it possible to do ?

Or tell me another way(if any), How can I bind a ip address with a MAC address for internet browsing security?
 
Old 08-03-2008, 08:02 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377Reputation: 377Reputation: 377Reputation: 377
Quote:
Originally Posted by shipon_97 View Post
I want to Bind the Host IP address with MAC address using squid in Linux 4.0 . Is it possible to do ?

Or tell me another way(if any), How can I bind a ip address with a MAC address for internet browsing security?
In Squid, you can use the arp ACL to specify a MAC address. Example:
Code:
acl bad_mac arp 12:34:56:78:91:01
acl bad_ip src 192.168.123.123
http_access bad_mac bad_ip deny
You can also use Netfilter/Iptables for a broader approach by using the mac match module. Example:
Code:
iptables -A INPUT -s 192.168.123.123 \
-m mac --mac-source 12:34:56:78:91:01 -j REJECT
 
Old 08-03-2008, 08:03 AM   #3
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 235Reputation: 235Reputation: 235
Quote:
Originally Posted by shipon_97 View Post
I want to Bind the Host IP address with MAC address using squid in Linux 4.0 . Is it possible to do ?
What are you trying to accomplish? I really don't understand your question. If you wanted to bind an IP Address to a particular MAC Address, you could do this with DHCP.
 
Old 08-03-2008, 08:04 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377Reputation: 377Reputation: 377Reputation: 377
Quote:
Originally Posted by trickykid View Post
What are you trying to accomplish? I really don't understand your question. If you wanted to bind an IP Address to a particular MAC Address, you could do this with DHCP.
Yeah, I'm not very clear on what he means by "bind" either. I'm assuming that since he's talking about Squid and stuff he wanted to control access based on MAC/IP combos instead of just IPs. I'm not sure, though.
 
Old 08-03-2008, 08:18 AM   #5
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 235Reputation: 235Reputation: 235
Quote:
Originally Posted by win32sux View Post
Yeah, I'm not very clear on what he means by "bind" either. I'm assuming that since he's talking about Squid and stuff he wanted to control access based on MAC/IP combos instead of just IPs. I'm not sure, though.
Yeah, I got the impression he wanted to bind IP Addresses to MAC addresses.. I guess we'll see.
 
Old 08-03-2008, 10:22 AM   #6
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,062

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
Please explain any part of this question.

If you mean "Bind" as in "DNS and Bind", then I can't get beyond the slightest notion of what you are talking about; if you mean "Bind" as in associate one with the other, I don't see why squid, a caching program, would be what you want, unless you mean something more like "block/control web browsing by Mac address" which isn't really binding.

What on earth do you mean by "Linux 4.0"? If Linux is anything, its the kernel of an OS, and its currently at 2.6.twenty-something. My current guess at progress would leave 4.0 coming out in, say, 40 to 100 years (the new arangement with version numbering having thrown a spanner in the works of progress estimation). If, on the other hand, you claim to be a person from the future, it would be nice if you could confirm that by telling me the winners of this year's (it is currently 2008) UK FA Cup and Formula 1 series (both driver's and manufacturer's, please). There is no guarantee that I won't be asking about horse races too, so you might want to find out how you can access historic horse racing results from Aug 2008 onwards, thanks.

Alternatively, if you mean 4.0 of some particular distro:
It would be a help if you could give a hint as to which that is, there being well over a hundred of them, all of which have their own unique numbering/naming scheme.
My guess, if you are using a popular distro like Fedora, Ubuntu or OpenSuSE, you are well out of date and you probably should get something more convincingly this century before proceeding. Maybe, if its Debian or RHEL its not that bad.

If you do just mean blocking some particular piece of networking hardware, be aware that MAC addresses can be spoofed. I think I would want to call the degree of difficulty here 'hacker-trivial', but it does depend on circumstances. And there will be people/known threats that can't even rise to that level of difficulty.

If, in spite of that you still want to proceed, I think you should think in terms of only opening one port in your firewall to the internal network - 3128 is the default for squid (and the firewall is where I'd do the mac address matching, but I didn't know the detail posted by win32sux) and only allow packets that come through squid out to the wider world. But you have to have the correct hardware set up for this, and that's something else where further info is needed.

But, as I say, mac addresses aren't foolproof and if you have the wrong hardware arrangement it hardly does any blocking at all.
 
Old 08-03-2008, 12:39 PM   #7
shipon_97
Member
 
Registered: Oct 2005
Location: Bangladesh
Posts: 490

Original Poster
Rep: Reputation: 30
MAC address binds with ip address

Thx Win32Sux ,

Actually I just want to this thing what u have to said .
If there any mistake in my question then i m sorry .

I have another question . Follwing ur advice , I can now easily bind(or add) an ip address with its
MAC address so that a particular user (who holds that IP ) can browse only. Other user cannot .

But its true that , It is very easy to change the MAC address in windows platform as well as Linux platform . In this situation , How can I make strong protection from unautorized internet browsing .

Plz give me some ideas . Thx .. ...
 
Old 08-03-2008, 01:45 PM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377Reputation: 377Reputation: 377Reputation: 377
Quote:
Originally Posted by shipon_97 View Post
Thx Win32Sux ,

Actually I just want to this thing what u have to said .
If there any mistake in my question then i m sorry .
No mistake, it's just that the term "bind" isn't usually used in these cases.

Quote:
I have another question . Follwing ur advice , I can now easily bind(or add) an ip address with its
MAC address so that a particular user (who holds that IP ) can browse only. Other user cannot .

But its true that , It is very easy to change the MAC address in windows platform as well as Linux platform . In this situation , How can I make strong protection from unautorized internet browsing .

Plz give me some ideas . Thx .. ...
By making Squid do some form of authentication perhaps?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Bind Mac with Ip address shipon_97 Linux - Newbie 5 11-23-2007 12:14 AM
Bind ip with mac address sunlinux Linux - Networking 5 08-10-2007 01:23 AM
Single DHCP server ,to provide the ip address to a MAC address in two different subne alix123 Linux - Software 5 05-08-2007 11:16 PM
how to get ip address, broadcast address, mac address of a machine sumeshstar Programming 2 03-12-2005 04:33 AM
DHCP Server MAC Address found, IP address not assigned wmburke Linux - Wireless Networking 17 11-17-2004 10:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration