LinuxQuestions.org - Blocking IP range

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Blocking IP range (https://www.linuxquestions.org/questions/linux-newbie-8/blocking-ip-range-613445/)

hohohann

01-14-2008 05:35 AM

Blocking IP range

Hi there,

The firewall in my office is running on Linux Redhat.
Every workstations' IP address is being assigned by the firewall using DHCP. I want to block/reserve a range of 20 IP addresses from 10.10.10.10 to 10.10.10.30 for future use.
In future, i want to allocate static IP from the mentioned range to certain new workstation.
How do i go about it?

Thanks.

odcheck

01-14-2008 06:03 AM

no sweat
just edit your /etc/dhcpd.conf
there you can specify this range not to be served.

Jirka11

01-14-2008 06:05 AM

Quote:

Originally Posted by hohohann (Post 3021829)

In your /etc/dhcpd.conf you should use
range 10.10.10.1 10.10.10.9
range 10.10.10.31 10.10.10.254

or directly reserv some IP addresses by:

host some-printer {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 10.10.10.10;
}
....
....

_____________________________________________
http://www.nmonitoring.com

hohohann

01-14-2008 08:27 AM

Quote:

Originally Posted by odcheck (Post 3021841)

no sweat
just edit your /etc/dhcpd.conf
there you can specify this range not to be served.

What are the commands like to specify the range not to be served?
thanks in advance.

Emerson

01-14-2008 08:33 AM

First - see man pages
Second - Google
Still stuck? Ask your questions here.

http://linux.die.net/man/5/dhcpd.conf

hohohann

01-14-2008 06:59 PM

Quote:

Originally Posted by Jirka11 (Post 3021844)

host some-printer {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 10.10.10.10;
}

How do i determine the hostname of that particular hardware (printer, computer....) ?

odcheck

01-15-2008 02:31 AM

@hohohann

no problem just post me your /etc/dhcpd.conf
but please use (["code"] and paste [/code"])

or the otherway around

Code:

next-server            192.168.1.100;

option root-path        "192.168.1.100:/opt/ltsp/i386";



subnet 192.168.1.0 netmask 255.255.255.0 {            <---Here just shrink the iprange

    range  192.168.1.100  192.168.1.199;

    if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {

        filename "/lts/2.6.16.1-ltsp-2/pxelinux.0";

    }

    else{

        filename "/lts/vmlinuz-2.6.16.1-ltsp-2";

    }

}

#

# If you need to pass parameters on the kernel command line, you can

# do it with option-129.  In order for Etherboot to look at option-129,

# you MUST have option-128 set to a specific value.  The value is a

# special Etherboot signature of 'e4:45:74:68:00:00'.

#

# Add these two lines to the host entry that needs kernel parameters

#

#        option option-128    e4:45:74:68:00:00;      # NOT a mac address

#        option option-129    "NIC=ne IO=0x300";

hohohann

01-16-2008 12:47 AM

@odcheck

Let say i want to reserve a range of IP (10.10.10.150 t0 10.10.10.180) not to be distributed by DHCP. Can i do as follow:

Code:

# Sample /etc/dhcpd.conf

# (add your comments here)

ddns-update-style interim;

ignore client-updates;

subnet 10.10.10.0 netmask 255.255.255.0 { 

range 10.10.10.10 10.10.10.149; 

range 10.10.10.181 10.10.10.254;

default-lease-time 86400; 

max-lease-time 86400; 

option subnet-mask 255.255.255.0; 

option broadcast-address 10.10.10.255; 

option routers 10.10.10.1; 

option domain-name-servers 10.10.10.1, 202.75.129.101, 202.75.129.102, 210.19.58.2; 

option netbios-name-servers 10.3.4.3; 

option domain-name "abc.com"; option ip-forwarding off; 

option netbios-node-type 2;



        host SIEB_DB_MON {

                hardware ethernet 00:10:b5:cc:b1:1f;

                fixed-address 10.10.10.2;

        }

}

akthktd

01-16-2008 07:17 AM

please help

How can I unblock sites in my college ?

We are using RedHat.

I want to log on to orkut.com

thanks

odcheck

01-16-2008 11:43 PM

@hohohann that should do the Trick :-)

and @akthktd how nice :-) then do it
this has nothing to do with this Thread, please open a new one.

All times are GMT -5. The time now is 08:53 AM.