Forbid eth0 to access 192.168.0.x

Deathwing00 · Posted: Thu Jun 26, 2003 8:03 pm Post subject: Forbid eth0 to access 192.168.0.x

How can I do it so my eth0 can't access the 192.168.0.x adresses?

devon · l33t Joined: 23 Jun 2003 Posts: 943

Without more details, I would say iptables.

Deathwing00 · Posted: Thu Jun 26, 2003 8:10 pm Post subject:

No. What happens is that I want to block the access of eth0 before bringing it up... this is because there is a LAN DHCP server running and I want this interface to get IP from the ISP's DHCP server and not from the LAN's DHCP server.

devon · l33t Joined: 23 Jun 2003 Posts: 943

Deathwing00 · Posted: Thu Jun 26, 2003 8:35 pm Post subject:

Nice idea! I'll try it!

But still I'd like that it would be the client that refuses the server rather than reverse... nevermind... if somebody knows anything, it might be posted :roll:

Deathwing00 · Posted: Thu Jun 26, 2003 8:48 pm Post subject:

Problem

How do I tell in dhcpd.conf that I want dhcpd to ignore a determined MAC address? There seems to be no such option in the dhcpd.conf man page... :cry:

devon · l33t Joined: 23 Jun 2003 Posts: 943

Seach the man page for dhcpd.conf for known/unknown hosts. You could probably make a HOST declaration for the server that should not DHCP and then set "ignore known". Something like:

cdunham · Posted: Fri Jun 27, 2003 3:22 am Post subject:

Is this box a bridge/router/firewall between the ISP network and the LAN? If so, you should be able to get DHCP from one interface for the LAN, and another from the ISP on the other interface...

Deathwing00 · Posted: Fri Jun 27, 2003 6:27 am Post subject:

devon · l33t Joined: 23 Jun 2003 Posts: 943

Does this not work in /etc/conf.d/net?

Deathwing00 · Posted: Fri Jun 27, 2003 3:19 pm Post subject:

Diagram:

1.Athlon XP
eth0 (LAN DHCP SERVER)
eth1 (ISP DHCP)

2.K6-2
eth0 (ISP DHCP)
eth1 (LAN DHCP)

3.Pentium-IV
eth0 (LAN DHCP)

So 1.eth1 and 2.eth0 have to get DHCP IP from ISP.
1.eth0 is the LAN DHCP SERVER while 2.eth1 and 3.eth0 are LAN DHCP CLIENTS.

This happens because my ISP gives only 2 IP address for a single connection (won't enter on hardware configuration details), so the other interfaces with LAN IP must access the internet through the 1.eth1 gateway (although 2.eth1 won't use it as there is already such access). Nevermind, I'll configure dhcp server to ignore 2.eth0.

This topic is related with this one too (perhaps a moderator could merge both themes or so...) https://forums.gentoo.org/viewtopic.php?t=63498&start=0&postdays=0&postorder=asc&highlight=

This is because linux cuts gateway connection (while windowz doesn't) while there's inactivity. It's not totally related with this topic but it's the same interface on the same computer.

Deathwing00 · Posted: Fri Jun 27, 2003 3:25 pm Post subject:

cdunham · Posted: Fri Jun 27, 2003 3:44 pm Post subject:

Perhaps I could suggest a better setup, one familiar to most of the rest of us doing this:

Machine A (two network cards):
eth0 - connection to ISP (not through switch) - dhcp
eth1 - lan dhcp - connected to switch
Does NAT with iptables

All Other Machines:
lan dhcp
connected to switch
one network card

You can make your setup work, but it's kind of a pain for what you need, I think.
_________________
This post more meaningful in a scalar context.

Deathwing00 · Posted: Fri Jun 27, 2003 3:49 pm Post subject:

Deathwing00 · Posted: Fri Jun 27, 2003 7:39 pm Post subject:

Thank you very much to everybody! I realized that gentoo has the arping and that ARP does solve the problem as I expected!

SO I just run at start this simple script...