On Thursday 17 November 2011, James Knott wrote:
Also, a router normally passes all valid addresses from a subnet, unless specifically configured not to. As an example, my firewall/router here is a Linux box. For me to limit what addresses can pass through it, I'd have to use the iptables rules to block some addresses.
Yes and what's wrong with using iptables? Only incompetent network admins are using iptables or what?
But I, as a network admin, can expect my users to comply with the rules I've set up for the network, so it's their problem, either they want access or they don't. Now wouldn't it be greatly helpful if you/your system could*easily* adapt to these rules?
If your rules don't allow normal, out of the box, behaviour, then your rules are wrong, unless you're prepared to configure every computer to comply with them.
That's simply not true. If you would plug your box into my network here then I would not route anything from you regardless which IP you are using. This is what I'm doing here and I consider it right because I don't want clients like you using my net.
This is most definitely not a user issue as most users wouldn't have a clue about it. As a network admin, I'd expect you to know the implications of what you do. Blocking addresses that are not based on the MAC is not a suitable policy,
How you know the policies and requirements of Lew's network?
in that, by default, later versions of Linux & Windows provide both MAC based and random IP addresses..
Neither windows nor linux client _provides_ the address but the owner of the net you want to be part of. BTW back to Lew's problem ... Reading his last posting you see that obviously he has no problems to access the net. Network admin just told him to not use random addresses or they _will_ block him soon. (If got it right.) cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org