Mailinglist Archive: opensuse (2553 mails)
| < Previous | Next > |
Re: [opensuse] How to enforce IP's regardless of the clients setup.
- From: "John Andersen" <jsamyth@xxxxxxxxx>
- Date: Mon, 12 May 2008 14:09:00 -0700
- Message-id: <60fb01490805121409g4e88f99eg1ddb813d597b2ebd@xxxxxxxxxxxxxx>
On Mon, May 12, 2008 at 1:48 PM, Sam Clemens <clemens.sam1@xxxxxxxxx> wrote:
1) First, assigning static ips does not help him control who uses
what IP to gain access to a specific route. Any user could simply
reset his own IP.
2) Second its only EASY to get all IPs if you shop is very small and
the hardware is very stable.
3) Running a dhcp server is not inefficient, as you imply. It uses virtually
no resoruces, is drop dead simple to set up and maintain.
Besides, and in-house dhcp server has many additional side
benefits to just handing out IPs. If any roaming laptops are involved,
you will find a great deal of resistance from users that don't want to
convert back and forth from static to dynamic each time the machine
enteres or leaves the premises.
Further with a dhcp server you can do nifty things like split dns so things
like your internal Imap server appears at the appropriate interface
depending on where you are (inside or outside). Same for company
web servers.
--
----------JSA---------
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Shawn Holland wrote:
Hi,
My current setup has multiple IP ranges where I use mac filtering to
specify what IP ranges specific computers will get.
The same server will be the gateway to the Internet.
What I am looking for is a way to enforce specific MAC Addresses to only
be allowed to use specific IP's.
Like I said above I have it locked down in DHCP, but its a simple matter
of setting a static IP to bypass the dhcp server.
I have been reading through SuSEfirewall2 and haven't found anything
apparent that I could use to enforce this.
Can anyone point me in the right direction on how to use iptables /
SuSEfirewall2 to only permit traffic from a mac address when its using a
specific IP or IP Range?
With the amount of work it requires to get the mac address
of a specific machine, why don't you just NOT USE DHCP and
assign each machine a static address.
Unless you're constantly shuffling their IP addresses by hand,
that would seem to be the simple, effective solution.
Using DHCP to make static addresses is like driving a
tractor-trailer truck to borrow a cup of sugar from
your neighbor.
1) First, assigning static ips does not help him control who uses
what IP to gain access to a specific route. Any user could simply
reset his own IP.
2) Second its only EASY to get all IPs if you shop is very small and
the hardware is very stable.
3) Running a dhcp server is not inefficient, as you imply. It uses virtually
no resoruces, is drop dead simple to set up and maintain.
Besides, and in-house dhcp server has many additional side
benefits to just handing out IPs. If any roaming laptops are involved,
you will find a great deal of resistance from users that don't want to
convert back and forth from static to dynamic each time the machine
enteres or leaves the premises.
Further with a dhcp server you can do nifty things like split dns so things
like your internal Imap server appears at the appropriate interface
depending on where you are (inside or outside). Same for company
web servers.
--
----------JSA---------
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |