Find the answer to your Linux question:
Results 1 to 9 of 9
Hi friends!!! I come to you with this problem tha I couldn't solve I have a lab with 1 switch and 2 machines attached. One XP station and a debian ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5

    Thumbs up Restrict dhcp assignment to a list of macs


    Hi friends!!!

    I come to you with this problem tha I couldn't solve
    I have a lab with 1 switch and 2 machines attached. One XP station and a debian lenny server. My debian runs dhcpd with this configuration
    subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.31 192.168.1.254;
    default-lease-time 345600;
    max-lease-time 691200;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-name "lab.com";
    option domain-name-servers 192.168.1.12;
    option netbios-name-servers 192.168.1.12;
    option netbios-node-type 8;
    option broadcast-address 192.168.1.255;
    option ntp-servers 192.168.1.12;
    ddns-updates on;
    ddns-update-style interim;
    }
    I'm trying to restrict dhcp to only provide setting for a list of MAC addresses (about 300 macs)
    Using the following option is not good to me because I have not a pattern in my clients mac.
    class "private-hosts" {
    match if substring (option hardware,1,11) = "01:00:50:56";
    }

    pool {
    range 192.168.1.31 192.168.1.254;
    allow members of "private-hosts";
    }

    I've try using iptables with following configuration, but XP still getting IP from dhcpd:
    iptables -P INPUT DROP
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    # Full from Localhost to Localhost
    iptables -A INPUT -i lo -j ACCEPT
    # Full from My PC
    iptables -A INPUT -s 192.168.1.2 -j ACCEPT
    So I can't limit DHCP for specific macs

    Please, can anyone tellme how can I solve this using.

    Thanks

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    You could start by looking HERE

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5

    Thumbs up

    Dear friend,
    I have my dhcp server working and I've used that page in configuration process, but there's no reference to a solution for my problem.
    I just need a way to serve ip configuration just to a list (stored in a text file) of macs.
    Thanks

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    I'm not sure how you can do it with an external file but you can specify them in dhcpd.conf pretty easily.

    There should be a parameter to disable unknown hosts, you will need to make sure you are using it.

    Then you can define hosts like this
    Code:
    host host1 {
                    hardware ethernet 01:23:45:67:89:ab;
    }

  6. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Without writing a script to edit the dhcpd.conf file directly, you cannot do it.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  7. #6
    Linux Engineer Segfault's Avatar
    Join Date
    Jun 2008
    Location
    Acadiana
    Posts
    877
    You do realize restricting DHCP to certain MAC addresses will not restrict unauthorized internet access? DHCP is nothing but configuration helper. Anybody with little knowledge of networking can set up an internet connection without DHCP.

  8. #7
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5

    Thumbs up

    Thanks everyone,
    Some tips about a script like that??

  9. #8
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5
    Quote Originally Posted by Segfault View Post
    You do realize restricting DHCP to certain MAC addresses will not restrict unauthorized internet access? DHCP is nothing but configuration helper. Anybody with little knowledge of networking can set up an internet connection without DHCP.
    Sure but i don't care that, thanks for your tip
    My problem is justo to limit ip assigment to a group of macs

  10. #9
    Just Joined!
    Join Date
    Aug 2010
    Posts
    5
    Quote Originally Posted by Lazydog View Post
    Without writing a script to edit the dhcpd.conf file directly, you cannot do it.
    By the way, check this url, it seems that DHCP conversation works beneath iptables, so you may stop dhcp ports and ALL traffic to dhcp server and clients still get IP configuration

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •