LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-24-2008, 11:02 AM   #1
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Rep: Reputation: 15
how to assign ip to known mac address only


Hi dear sir/madam

I have a couple of linux services running which provide dhcp and dns to small user base of 50 users.
currently all users get an ip address via dhcp's range regardless of pc/laptop.
i would like to change this so the only users that are assigned an ip are the ones who have registered their mac addresses with me, hence i know whos is connecting.
If possible, i do not wish to enter staic ip addresses into the tcp/ip settings of each of these computers.
any help or direction will be greatly appreciated.
thanks
 
Old 04-24-2008, 11:54 AM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 356Reputation: 356Reputation: 356Reputation: 356
You can use MAC reservations in your DHCP server configuration file, but you will need to manually enter in the information for each MAC. Are you looking for an automated system so that you don't need to intervene?
 
Old 04-24-2008, 11:54 AM   #3
ischi
Member
 
Registered: Apr 2008
Location: Tübingen
Distribution: Fedora 9 (Thinkpad T60), Debian 3.1 (Server)
Posts: 51

Rep: Reputation: 15
just go to your /etc/dhcp/dhcpd.conf and add lines like this:
Code:
host mygreatpc {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 192.168.1.2;
}
 
Old 04-24-2008, 03:19 PM   #4
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
thank you guys for kind response.
MS3FGX, basically manually is fine for now. i need to do this soon so the automated process can be looked into afterwards.
i dont have the dhcpd.conf file in front of me but you said something about using mac reservation? in order to declare that i'm using only mac to ip assignment(so no pcs can connect anymore), is there something that i need to add or omit from the dhcpd.conf file? you can assume my file is very similar to the default with a declaration of ip address range.

ischi, i have this for some of our printers and servers but its not stopping others from getting a dynamic ip address. is there something i need to declare to say No more dynamic IP
thanks in advance.
 
Old 04-25-2008, 02:31 AM   #5
ischi
Member
 
Registered: Apr 2008
Location: Tübingen
Distribution: Fedora 9 (Thinkpad T60), Debian 3.1 (Server)
Posts: 51

Rep: Reputation: 15
You can just decrease the range in which DHCP gives ip addresses so that only the reserved addresses are availible. Its not a good looking way to do that but it works ...
 
Old 04-25-2008, 02:47 AM   #6
-{Jester}-
Member
 
Registered: Apr 2008
Location: The Internet
Distribution: Slackware
Posts: 49

Rep: Reputation: 15
From a security standpoint, MAC address filtering is not as valuable as it seems. The MAC address of a client is capturable. Assuming that your network is secured, if the attacker did have the correct key, it would be rather trivial to spoof the captured MAC address.
 
Old 04-25-2008, 03:45 AM   #7
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
ischi, cheers. that makes total sense. would it be ok to copy the macs(those of whom i know) from the dhcp.lease file so i dont have to go round all the pcs checking?

-{Jester}-, i understand your point, but what would be a more secure method for a more longer term basis. I need to apply something right away as its leaving anybody to connect.
 
Old 04-25-2008, 10:07 AM   #8
-{Jester}-
Member
 
Registered: Apr 2008
Location: The Internet
Distribution: Slackware
Posts: 49

Rep: Reputation: 15
Well, I am assuming this network is wireless. You can still use MAC filtering since I suppose it does not hurt. Use WPA/WPA2 with a 64 character passphrase. Do all the standard stuff like changing your router's default password and IP address. Also, disable SSID broadcasting and change the default SSID name. Beyond that, just change the passphrase twice a month and you've got yourself a decent level of security.

With MAC filtering and SSID broadcast disabled, Windows computers will not find the network using the scanning feature. If you don't enable the specific MAC address of you users' computers, they will not be able to connect to your wireless network. As I said before though, the most important thing is the secure passphrase. WEP is trivial to crack at this point, so make sure you use WPA. Also turning off DHCP and assigning all the IPs staticly might be useful. Like MAC address filtering, there is a work around, but the attacker will have to take another step to break into your network.
 
Old 04-26-2008, 03:29 AM   #9
ischi
Member
 
Registered: Apr 2008
Location: Tübingen
Distribution: Fedora 9 (Thinkpad T60), Debian 3.1 (Server)
Posts: 51

Rep: Reputation: 15
Quote:
Originally Posted by fedora_user View Post
ischi, cheers. that makes total sense. would it be ok to copy the macs(those of whom i know) from the dhcp.lease file so i dont have to go round all the pcs checking?
Yes sure those are the MAC addresses connected to the DHCP Server.
To talk about security: The only save thing for Wireless networks is WPA/WPA2 because MACs can be spoofed with like 2 command lines, while WEP can be cracked faster than you enter the key in a Machine ... like 30sec or so. So a MAC filter is no securtity at all for a Network... BUT it is usefull to always get the same IP which might be usefull for connecting to other Machines and so on.
Just wanted to add that.
 
Old 04-26-2008, 03:34 AM   #10
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
thanks jester, thats really usefull, i've managed to get wmap on and also stop the broadcasting of ssid.
I think i'll continue with dhcp for now as it will be to admin intensive to manage for one it person but would like to get an automated process in place in the future...thanks once again
 
Old 04-30-2008, 09:52 AM   #11
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
update

hello

i have some update reported below:

i have managed to assign all PCs (except for a couple as im testing)ip's based on mac addresses.
The issue is that despite assigning a particular ip address to PC A based on mac address, there's nothing to stop the dhcp server from assigning the same address to PC B, if PC A is not online. PC B is one of those pcs i have not assigned a mac based ip yet in the dhcp.conf. But i thought the purpose of mac reservation is that the ip can only be given if the mac matches.
below is my dhcp.conf file. any help will be apprecaited:


# DHCP Configuration file for subnet 138.37.65 updated 12.10.2003
#
#
# DNS update scheme

ddns-update-style interim;
authoritative;

# Subnet declaration

subnet 188.37.65.0 netmask 255.255.255.0 {
option routers 188.37.65.254;
option subnet-mask 255.255.255.0;

option domain-name "helix.edu";
option domain-name-servers 188.37.65.3;

range 188.37.65.64 188.37.65.140;
}

# MAC address to IP mapping


host copeedddl {
hardware ethernet 00:0d:54:a8:90:85;
fixed-address 188.37.65.22;
}

host akroasdku {
hardware ethernet 00:08:74:46:89:db;
fixed-address 188.37.65.30;
}

host NP15F3B33EC {
hardware ethernet 00:01:e6:5f:3b:ec;
fixed-address 188.37.65.216;
}

host lpt106aa {
hardware ethernet 00:06:5b:02:bd:67;
fixed-address 188.37.65.8;
}

# Range Parameter

default-lease-time 600;
max-lease-time 86400;
[root@zika etc]#
 
Old 05-01-2008, 07:24 AM   #12
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
any help? just want to know am i suppose the reserve the ip addreseses using some syntax or what i have done in the above post is enough?
 
Old 05-06-2008, 10:49 AM   #13
fedora_user
Member
 
Registered: Jan 2006
Posts: 112

Original Poster
Rep: Reputation: 15
please help

can someone please explain why reserved ip addresses are still getting assigned to unregistered (pcs of unknown mac addresesses) pcs coming onto the network. i have created the range to be just about small enough to deal with only the pcs that should be connected. however for some reason the same reseved ip addresses are being assigned to alien pcs whihc are not registered. The only thing is that the ip addresses being assigned incorrectly belong to computer which are not actually turned on at that time...could that be a reason???
please help
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
DHCP Assign ip to specific MAC address gfem Linux - Networking 2 08-02-2007 02:58 PM
How to assign ip address permanently Karthi_India Linux - Newbie 1 04-14-2007 10:57 AM
Cannot assign a MAC address hicksy Linux - Networking 5 02-19-2007 01:37 PM
how to assign dhcp address? hank43 Linux - Networking 1 09-10-2006 02:46 AM
Can not assign IP address jtir Solaris / OpenSolaris 1 09-28-2005 03:37 AM


All times are GMT -5. The time now is 11:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration