killer n00b
Joined: 12 Dec 2003 Posts: 47 Location: Kladno
|
Posted: Sat Mar 04, 2006 5:16 pm Post subject: Dnsmasq MAC CONTROL [SOLVED] |
|
|
Hello all,
does anybody know how to set up MAC-controlled DHCP with dnsmasq?
To provide DHCP ONLY FOR A LIST OF MAC ADDRESSES, not for others (not listed)?
I don't want to give unauthorized users network parameters automatically.
Thanks for any ideas!
Killer
Last edited by killer on Sun Mar 12, 2006 6:59 am; edited 1 time in total |
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
|
Posted: Sat Mar 04, 2006 5:37 pm Post subject: |
|
|
man dnsmasq wrote: |
-F, --dhcp-range=[[net:]network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]
Enable the DHCP server. ............
end address may be replaced by the keyword static which tells dnsmasq to
enable DHCP for the network specified, but not to dynamically allocate IP
addresses. Only hosts which have static addresses given via dhcp-host or
from /etc/ethers will be served. |
_________________ Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself |
depontius Advocate
Joined: 05 May 2004 Posts: 3526
|
Posted: Fri Mar 10, 2006 12:57 pm Post subject: |
|
|
Keep in mind that refusing to serve an address isn't real security.
At this level, it's really a matter of how much security you want. Keep in mind that physical access is the first part, and if they've plugged in, they have that. I presume this isn't wireless, and if you've got that, you've selected the proper security level and put in place good keys, etc.
If you refuse to serve an address, they can always sniff your LAN, find the address space, and pick one, statically.
You could code your statically mapped IPs into an iptables firewall, but they could probably spoof one of your (newly unplugged) machines.
You could code your MACs into an iptables firewall, but that can be spoofed, just like the IP.
About the only REALLY secure thing you could do is send all of your real traffic over VPNs, and block all other traffic except that needed for the VPN, itself. Similar to this, you could get into Radius and PPPoE. Again, this is virtualizing your lan, and blocking the physical one.
This is no doubt overkill for a home lan. So WHY do you want to prevent your guests from plugging in?
Or is it a home lan? If this is an issue of preventing public access on publicly accessible jacks, you need to look at the virtualization, above. _________________ .sigs waste space and bandwidth |
killer n00b
Joined: 12 Dec 2003 Posts: 47 Location: Kladno
|
Posted: Sun Mar 12, 2006 7:04 am Post subject: Thanks guys !!! |
|
|
It will help!!!
added
Code: | dhcp-range=192.168.65.50,static |
parameter and in /etc/ethers
Code: | 00:11:22:33:44:55 host1
...more hosts |
and IT WORKS... SUPERB
Last question:
I am looking for how to automatically set up an HTTP proxy for DHCP clients... More ideas? |
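An added example, not posted by anyone in this thread: a Python check for the static-only setup described above. It validates `/etc/ethers` entries and counts DHCP requests from MACs that are not on the list. The sample ethers file and log lines are constructed, the log shape is an assumption modelled on dnsmasq's syslog output, and `load_ethers` and `unlisted_clients` are names chosen here.

```python
import re

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Assumed syslog shape: "dnsmasq-dhcp[pid]: DHCPDISCOVER(eth0) [ip] <mac> [text]"
DHCP_LINE = re.compile(rf"dnsmasq-dhcp\[\d+\]: (DHCP[A-Z]+)\((\S+)\) (?:\S+ )?({MAC})\b", re.I)
CLIENT_MSGS = {"DHCPDISCOVER", "DHCPREQUEST", "DHCPINFORM"}

def load_ethers(text):
    """Parse /etc/ethers-style text into ({mac: name}, [(lineno, rejected_line)])."""
    allow, bad = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        # A MAC is exactly six octets; anything else can never match a client.
        if len(fields) == 2 and re.fullmatch(MAC, fields[0], re.I):
            allow[fields[0].lower()] = fields[1]
        else:
            bad.append((n, raw.strip()))
    return allow, bad

def unlisted_clients(log_text, allow):
    """Count client DHCP messages per (interface, mac) for MACs not on the list."""
    hits = {}
    for line in log_text.splitlines():
        m = DHCP_LINE.search(line)
        if m and m.group(1).upper() in CLIENT_MSGS and m.group(3).lower() not in allow:
            key = (m.group(2), m.group(3).lower())
            hits[key] = hits.get(key, 0) + 1
    return hits

# Constructed sample data, not taken from the thread.
ETHERS = """\
# workstation
00:11:22:33:44:55 host1
00:11:22:33:44:55:66 host2
AA:BB:CC:00:00:01 host3
"""
LOG = """\
Mar 12 07:01:02 gw dnsmasq-dhcp[812]: DHCPDISCOVER(eth0) 00:11:22:33:44:55
Mar 12 07:01:02 gw dnsmasq-dhcp[812]: DHCPOFFER(eth0) 192.168.65.50 00:11:22:33:44:55
Mar 12 07:03:10 gw dnsmasq-dhcp[812]: DHCPDISCOVER(eth0) de:ad:be:ef:00:01 no address available
Mar 12 07:03:14 gw dnsmasq-dhcp[812]: DHCPDISCOVER(eth0) de:ad:be:ef:00:01 no address available
Mar 12 07:05:40 gw dnsmasq-dhcp[812]: DHCPREQUEST(eth0) 192.168.65.51 aa:bb:cc:00:00:01
"""

if __name__ == "__main__":
    allow, bad = load_ethers(ETHERS)
    print("rejected:", bad, "unlisted:", unlisted_clients(LOG, allow))
```

As depontius notes above, a machine that picks a static address itself or borrows a listed MAC never appears in this report, so it shows who asked the DHCP server, not who is on the wire.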