what i have to do, or where i have to put the mac addresses of the computers on my network, so they can't change their ip's?

i hope i make some sense.

You can't but you could use DHCP to always allocate the same address to the same mac address. Personnaly though I would stick to fixed addresses.

i am using fixed addresses, but i want the router to check for the mac addresses of the users who want to go "out there". I don't want to let them change their ip addresses and get complains about conflicting ip's.

Out where? If you don't want them to change their IP addresses then don't give them root access to their systems.

so i'm not making any sense...

i try again:

i have a router and behind him some computers (with windoze). The router gives them "the grate outdoors" (read internet). There is some shaping, so some guys are trying to change their ip to catche a bigger bindwith. I want to force them to use the ip i give to them and i understend i can do this taking their mac address and stick it to their ip.

Maybe it's more clear now...

The only way I know to do this is with DHCP but the user could still change back to a fixed ip address if they had the administrative rights on that computer.

thanks for all your help ross

but i have one more question:
in my campus we have fixed adresses (or i think we have: we must put the ip, mask, dns, gw... on the OS's we use). But when i change my network card i have to go to the admin and tell him the new mac so i can use the new network to access the internet. How do they do it?

I can't see how they could stop you getting network access. They could probably block your net access though using iptables and "--mac-source" it's not something I've used though.

thank you. I think this is what i was looking.

i'll go to man iptables

my campus does the MAC-IP thing. That is done in DHCP. David, the way it works is, if you computer tries to pull an IP, it checks the database against your MAC (or the dhcp config file). If your MAC isnt found, you don't get an IP and hence, no network connection. Cristi you could set up your DHCP server to give IP's based on mac using the "host" option in the dhcpd.conf file. However, if a user hard codes his/her IP address to be the IP of someone else, it will still cause IP conflicts. If you want to block access to the internet from a certain user though, do what david_ross said and use the --mac-source option in iptables to filter their connection to the internet (great out doors).



an example of the host opition in DHCP looks like this:

host haagen {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.222;
}

what will happen:

when the computer with MAC: 08:00:2B:4C:59:23 requests an IP from the DHCP server, that computer will always get the 192.168.1.222 IP. This is why your campus always needs your MAC, if you MAC isnt in their config file, you get no IP.


i pulled that from the DHCP howto at:
http://www2.educ.umu.se/~bjorn/linux...mini/DHCP.html

I know how DHCP works. But like I said (and yourself)
If the user has admin rights to the workstation then they can change it to a fised ip.

yea, so we agreed on that point basically.

that rm -f / is funny everytime i read it BTW.

Yeah. Have you ever tried the iptables rules based on MAC before? It's not something I've ever had a need to do.

never used it either. i just assumes it works because it's there.

i put on the gateway server:
iptables -I INPUT -s #IP -m mac --mac-source ! #mac -p all -j REJECT

but this is only stoping the access to the resources on the server (samba). The net still works.

Anybody knows what's wrong with what i did?