LinuxQuestions.org
Old 04-23-2004, 07:11 PM   #1
pircio
LQ Newbie
 
Registered: Apr 2004
Distribution: Debian
Posts: 15

Rep: Reputation: 0
Intranet traffic restriction/redirection


Here's what I have

A Linux system running Debian with the bash client and a DHCP server. I have not done ANY configuration to it whatsoever.

Here's what I want to do.

We're running a LAN party, and I want to enforce computer registration. The way it's supposed to work is, the DHCP recognizes the new computer hooked up, via MAC address, and assigns it an IP address within a specified range. THIS IP ADDRESS MUST NOT CHANGE. It then determines if this IP address has been registered by accessing a MySQL database.

That's problem 1, I want it to check the database to determine registration, and I have no idea how to prompt it for that, I know how to create/read from the database, I just don't know where it fits in.

Problem 2: If they are NOT registered, I want it to block ALL connections through any port so they cannot gain access to the network EXCEPT port 80. Then they will be redirected (via their browser) to a webpage which they will enter their name, etc, to register their computer.

So what I really need is to check for registration, then an automatic redirection.

Any ideas?
 
Old 02-16-2005, 04:43 PM   #2
ThePlague
Member
 
Registered: Jul 2001
Posts: 34

Rep: Reputation: 15
Wondering the same thing.

Anyone know a way to do this?
 
Old 02-17-2005, 09:24 AM   #3
fr_laz
Member
 
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384

Rep: Reputation: 32
Hi,

not an answer to your questions but a suggestion:
you might handle this with iptables, with the mac-address and logging support.

The first computer comes for DHCP registration: dport 67. You log this with a special keyword:
iptables -A INPUT -p udp --dport 67 -j LOG --log-prefix '##DHCP_REQUEST##'

You use syslog-ng as a syslog daemon, thus, you can:
filter DHCP_REQUEST { match("\#\#DHCP_REQUEST\#\#"); };
destination DHCP_REQUEST_SCRIPT { program("/usr/bin/myscript.pl"); };
log { source(src); filter(DHCP_REQUEST); destination(DHCP_REQUEST_SCRIPT); };

So from now on, each incoming packet to port 67 executes /usr/bin/myscript.pl

This script can, as an example, add an iptables rule for the mac address, such as:
iptables -I INPUT -m mac --mac-source $MAC_ADDRESS -j DROP
iptables -I INPUT -m mac --mac-source $MAC_ADDRESS -p tcp --dport 80 -j ACCEPT

The 2 rules are INSERTED (-I), thus they are the first ones applied in the INPUT chain.

Thus the new machine can only access the web server.

Then once the web form request is made, you could delete the old rules and add a new one:
iptables -D INPUT -m mac --mac-source $MAC_ADDRESS -j DROP
iptables -D INPUT -m mac --mac-source $MAC_ADDRESS -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m mac --mac-source $MAC_ADDRESS -j ACCEPT


Beware : these lines are certainly not the best ones....
the logging facilities may be very verbose, don't forget to logrotate if you do this !!


As for the dynamic IP problem, just use _very_ long leases in dhcpd, it should work well.
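
One way to write the handler that the post above names /usr/bin/myscript.pl, as an added shell example that is not code from the thread: it reads log lines from stdin, validates the source MAC taken from the LOG line before it reaches an iptables command line, and leaves already registered machines alone when they renew their lease. The registered-MAC file, the IPTABLES dry-run variable, the --serve flag, the myscript.sh name and the sample log line are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). syslog-ng's program() destination starts
# this script once and writes each matching log line to its stdin.

# Assumptions: registered MACs are kept one per line in this file (stand-in for
# the MySQL lookup); IPTABLES defaults to a dry run that only prints the rules.
REGISTERED_FILE="${REGISTERED_FILE:-/var/lib/lanparty/registered.macs}"
IPTABLES="${IPTABLES:-echo iptables}"

# Constructed sample of an iptables LOG line, for illustration only.
SAMPLE='kernel: ##DHCP_REQUEST##IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0c:29:ab:cd:ef:08:00 SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP SPT=68 DPT=67'

# The LOG target prints the Ethernet header as
# MAC=<dst 6 bytes>:<src 6 bytes>:<ethertype 2 bytes>; return the source MAC.
extract_src_mac() {
    hdr=$(printf '%s\n' "$1" | sed -n 's/.*MAC=\([0-9A-Fa-f:]*\).*/\1/p')
    mac=$(printf '%s' "$hdr" | cut -d: -f7-12 | tr 'A-F' 'a-f')
    # Accept only six hex octets, so nothing else reaches the command line.
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

is_registered() {
    [ -f "$REGISTERED_FILE" ] && grep -qixF "$1" "$REGISTERED_FILE"
}

# Same two rules as in the post; -I puts the later rule first, so the
# port-80 ACCEPT is evaluated before the DROP.
quarantine() {
    $IPTABLES -I INPUT -m mac --mac-source "$1" -j DROP
    $IPTABLES -I INPUT -m mac --mac-source "$1" -p tcp --dport 80 -j ACCEPT
}

# Decide what to do for one log line; a DHCP renewal from a registered
# machine must not put it back into quarantine.
handle_line() {
    mac=$(extract_src_mac "$1") || { echo "skip: no valid MAC"; return 0; }
    if is_registered "$mac"; then echo "registered: $mac"; else quarantine "$mac"; fi
}

# Loop only when asked, e.g. program("/usr/bin/myscript.sh --serve") (hypothetical path).
if [ "${1:-}" = "--serve" ]; then
    while IFS= read -r line; do handle_line "$line"; done
fi
```

Set IPTABLES=iptables to apply the rules instead of printing them.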
 
  


All times are GMT -5. The time now is 09:48 AM.
