Restrict dhcp assignment to a list of macs

**Ibro** · 08-19-2010

Hi friends!!!

I come to you with this problem tha I couldn't solve
I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.31 192.168.1.254;
default-lease-time 345600;
max-lease-time 691200;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name "lab.com";
option domain-name-servers 192.168.1.12;
option netbios-name-servers 192.168.1.12;
option netbios-node-type 8;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.12;
ddns-updates on;
ddns-update-style interim;
}
I'm trying to restrict dhcp to only provide setting for a list of MAC addresses (about 300 macs)
Using the following option is not good to me because I have not a pattern in my clients mac.
class "private-hosts" {
match if substring (option hardware,1,11) = "01:00:50:56";
}

pool {
range 192.168.1.31 192.168.1.254;
allow members of "private-hosts";
}

I've try using iptables with following configuration, but XP still getting IP from dhcpd:
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Full from Localhost to Localhost
iptables -A INPUT -i lo -j ACCEPT
# Full from My PC
iptables -A INPUT -s 192.168.1.2 -j ACCEPT
So I can't limit DHCP for specific macs

Please, can anyone tellme how can I solve this using.

Thanks

**Lazydog** · 08-20-2010

You could start by looking HERE

**Ibro** · 08-24-2010

Dear friend,
I have my dhcp server working and I've used that page in configuration process, but there's no reference to a solution for my problem.
I just need a way to serve ip configuration just to a list (stored in a text file) of macs.
Thanks

**coopstah13** · 08-24-2010

I'm not sure how you can do it with an external file but you can specify them in dhcpd.conf pretty easily.

There should be a parameter to disable unknown hosts, you will need to make sure you are using it.

Then you can define hosts like this

Code:

host host1 {
                hardware ethernet 01:23:45:67:89:ab;
}

**Lazydog** · 08-25-2010

Without writing a script to edit the dhcpd.conf file directly, you cannot do it.

**Segfault** · 08-25-2010

You do realize restricting DHCP to certain MAC addresses will not restrict unauthorized internet access? DHCP is nothing but configuration helper. Anybody with little knowledge of networking can set up an internet connection without DHCP.

**Ibro** · 08-25-2010

Thanks everyone,
Some tips about a script like that??

**Ibro** · 08-25-2010

Originally Posted by Segfault

You do realize restricting DHCP to certain MAC addresses will not restrict unauthorized internet access? DHCP is nothing but configuration helper. Anybody with little knowledge of networking can set up an internet connection without DHCP.

Sure but i don't care that, thanks for your tip
My problem is justo to limit ip assigment to a group of macs

**Ibro** · 08-25-2010

Originally Posted by Lazydog

Without writing a script to edit the dhcpd.conf file directly, you cannot do it.

By the way, check this url, it seems that DHCP conversation works beneath iptables, so you may stop dhcp ports and ALL traffic to dhcp server and clients still get IP configuration

Thread Tools

Display

Restrict dhcp assignment to a list of macs

Posting Permissions