LinuxQuestions.org
Old 05-07-2009, 03:41 AM   #1
gixnex
LQ Newbie
 
Registered: May 2009
Posts: 2

Rep: Reputation: 0
Is it possible manage all ip's connections with dhcp?


Hi all,

This is my first post here, here it goes!


I'm trying to manage all IP connections (private network) with a DHCP server. I can filter all addresses by MAC, but I don't know how to forbid static IP connections. Can you give me a clue how to deal with this issue?

Thanks.

Last edited by gixnex; 05-07-2009 at 03:48 AM.
 
Old 05-07-2009, 04:08 AM   #2
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Welcome to LQ.

Can you state clearly what your problem is? I can not understand what you are trying to do and what you are doing and what issue you are facing.
 
Old 05-07-2009, 04:17 AM   #3
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,528

Rep: Reputation: 899
This cannot be done with the DHCP server.
Seems to me you need a kind of access control, so people first log in, and then get the IP.

Last edited by repo; 05-07-2009 at 04:20 AM.
 
Old 05-07-2009, 05:17 AM   #4
gixnex
LQ Newbie
 
Registered: May 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Second attempt,

I'm trying to manage my office network range 192.168.1.0/24 all with a DHCP server. In dhcp.conf I can filter every IP with ethernet mask, but I cannot avoid someone connecting his laptop to the network with a static IP. Repo says "Seems to me you need a kind of access control" but I don't know how.

So..

Is it possible to allow only the DHCP IP pool to be used, using e.g. iptables?

e.g.

iptables allow all 192.168.1.2 with mask FF:FF:FF:FF:FF:FF
etc...
at the end
deny all 192.168.1.0/24

Is it possible?
 
Old 05-07-2009, 06:52 AM   #5
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Do you want outsiders not to use your network, or do you want them not to use the internet from your office?
If you do not want outsiders with laptops to access the internet, then you can use squid to control access to the internet. But if you want everyone to always get an IP address from DHCP irrespective of his status, even if you do not have any control over his machine, then it is difficult for you to control it that way. One way is to use subnetting so that no one outside your office knows exactly what netmask you use, though this is not a foolproof solution.
I am a bit confused by the example that you put.
 
Old 05-07-2009, 07:06 AM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,528

Rep: Reputation: 899
Quote:
Is it possible to allow only dhcp ip pool to be used, using e.g. iptables?
Once people know the pool, they can take an IP from the pool to connect.
 
Old 05-07-2009, 07:17 AM   #7
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,232
Blog Entries: 5

Rep: Reputation: 190
This question would have been better suited for the Network or Security forum rather than Newbies..

What you are looking for is called 802.1x or port-based Network Access Control http://en.wikipedia.org/wiki/802.1x

This should get you started..

http://tldp.org/HOWTO/8021X-HOWTO/
http://www.linuxjournal.com/article/8320
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
http://www.stevens.edu/itwiki/cgi-bi...p/Linux_802.1x

This is really what you need to secure the network against outsiders connecting.

Security through obscurity (limited netmask, pool size etc..) really isn't a form of security at all ..


Some vendor implementations of NAC allow you to check the client machine to make sure it's up to date, fully patched, has the latest active AV or other security measures, etc., and if not it pushes those items out to their machine automatically (if it knows who they are). Once the machine is updated it's allowed to connect to the internal network.

Last edited by farslayer; 05-07-2009 at 07:18 AM.
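
The rule set sketched in post #4 (accept each known IP only from its registered MAC, then drop the rest of 192.168.1.0/24), written out here as an added example that is not part of any post in this thread. It assumes the Linux box is the LAN's gateway, so client traffic crosses its FORWARD chain; the host names, MACs and addresses in the sample are constructed, and the script only prints the rules.

```shell
#!/bin/sh
# Added example (not from the thread): turn dhcpd.conf host entries into
# "accept this IP only from this MAC" rules, ending with a drop for the LAN.
# Rules are printed, not applied. Assumes this box is the LAN gateway.

# Constructed sample input; names, MACs and IPs are made up.
sample_conf() {
cat <<'EOF'
host alice-pc {
  hardware ethernet 00:16:3e:00:00:01;
  fixed-address 192.168.1.10;
}
host bob-laptop {
  hardware ethernet 00:16:3E:00:00:02;
  fixed-address 192.168.1.11;
}
# entry without fixed-address: must not produce a rule
host printer {
  hardware ethernet 00:16:3e:00:00:03;
}
EOF
}

# gen_rules LAN_CIDR < dhcpd.conf
gen_rules() {
  awk -v lan="$1" '
    /^[ \t]*#/ { next }                          # skip comment lines
    $1 == "host" { mac = ""; ip = "" }           # new declaration
    $1 == "hardware" && $2 == "ethernet" { mac = toupper($3); sub(/;$/, "", mac) }
    $1 == "fixed-address" { ip = $2; sub(/;$/, "", ip) }
    $1 == "}" {
      # emit a rule only for a complete, well-formed IP/MAC pair
      ok_mac = (length(mac) == 17 && mac ~ /^[0-9A-F][0-9A-F](:[0-9A-F][0-9A-F])+$/)
      ok_ip  = (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
      if (ok_mac && ok_ip)
        printf "iptables -A FORWARD -s %s -m mac --mac-source %s -j ACCEPT\n", ip, mac
      mac = ""; ip = ""
    }
    # everything else from the LAN range is dropped
    END { printf "iptables -A FORWARD -s %s -j DROP\n", lan }
  '
}

sample_conf | gen_rules 192.168.1.0/24
```

These rules only see traffic routed through the gateway and match on values each client sets itself, which is why the replies point to 802.1x for actually keeping unknown machines off the network.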
 
All times are GMT -5. The time now is 08:49 AM.