Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I have a couple of linux services running which provide dhcp and dns to small user base of 50 users.
currently all users get an ip address via dhcp's range regardless of pc/laptop.
i would like to change this so the only users that are assigned an ip are the ones who have registered their mac addresses with me, hence i know whos is connecting.
If possible, i do not wish to enter staic ip addresses into the tcp/ip settings of each of these computers.
any help or direction will be greatly appreciated.
You can use MAC reservations in your DHCP server configuration file, but you will need to manually enter in the information for each MAC. Are you looking for an automated system so that you don't need to intervene?
thank you guys for kind response.
MS3FGX, basically manually is fine for now. i need to do this soon so the automated process can be looked into afterwards.
i dont have the dhcpd.conf file in front of me but you said something about using mac reservation? in order to declare that i'm using only mac to ip assignment(so no pcs can connect anymore), is there something that i need to add or omit from the dhcpd.conf file? you can assume my file is very similar to the default with a declaration of ip address range.
ischi, i have this for some of our printers and servers but its not stopping others from getting a dynamic ip address. is there something i need to declare to say No more dynamic IP
thanks in advance.
From a security standpoint, MAC address filtering is not as valuable as it seems. The MAC address of a client is capturable. Assuming that your network is secured, if the attacker did have the correct key, it would be rather trivial to spoof the captured MAC address.
Well, I am assuming this network is wireless. You can still use MAC filtering since I suppose it does not hurt. Use WPA/WPA2 with a 64 character passphrase. Do all the standard stuff like changing your router's default password and IP address. Also, disable SSID broadcasting and change the default SSID name. Beyond that, just change the passphrase twice a month and you've got yourself a decent level of security.
With MAC filtering and SSID broadcast disabled, Windows computers will not find the network using the scanning feature. If you don't enable the specific MAC address of you users' computers, they will not be able to connect to your wireless network. As I said before though, the most important thing is the secure passphrase. WEP is trivial to crack at this point, so make sure you use WPA. Also turning off DHCP and assigning all the IPs staticly might be useful. Like MAC address filtering, there is a work around, but the attacker will have to take another step to break into your network.
ischi, cheers. that makes total sense. would it be ok to copy the macs(those of whom i know) from the dhcp.lease file so i dont have to go round all the pcs checking?
Yes sure those are the MAC addresses connected to the DHCP Server.
To talk about security: The only save thing for Wireless networks is WPA/WPA2 because MACs can be spoofed with like 2 command lines, while WEP can be cracked faster than you enter the key in a Machine ... like 30sec or so. So a MAC filter is no securtity at all for a Network... BUT it is usefull to always get the same IP which might be usefull for connecting to other Machines and so on.
Just wanted to add that.
thanks jester, thats really usefull, i've managed to get wmap on and also stop the broadcasting of ssid.
I think i'll continue with dhcp for now as it will be to admin intensive to manage for one it person but would like to get an automated process in place in the future...thanks once again
i have managed to assign all PCs (except for a couple as im testing)ip's based on mac addresses.
The issue is that despite assigning a particular ip address to PC A based on mac address, there's nothing to stop the dhcp server from assigning the same address to PC B, if PC A is not online. PC B is one of those pcs i have not assigned a mac based ip yet in the dhcp.conf. But i thought the purpose of mac reservation is that the ip can only be given if the mac matches.
below is my dhcp.conf file. any help will be apprecaited:
# DHCP Configuration file for subnet 138.37.65 updated 12.10.2003
# DNS update scheme
can someone please explain why reserved ip addresses are still getting assigned to unregistered (pcs of unknown mac addresesses) pcs coming onto the network. i have created the range to be just about small enough to deal with only the pcs that should be connected. however for some reason the same reseved ip addresses are being assigned to alien pcs whihc are not registered. The only thing is that the ip addresses being assigned incorrectly belong to computer which are not actually turned on at that time...could that be a reason???