>can I set it up so that if someone
>were to plug in their laptop that was set up for a static ip address
>(outside my private network of 172.16.0.0) along with their own DNS
>and gateway settings, can my router catch those people too and
>redirect them to a page on how to set up their computer for DHCP?

You could do some really fun and cool things with dnsspoof (comes
with dsniff: http://www.monkey.org/~dugsong/dsniff), telling it to
return the address of your local webserver for every query. This
would squash anyone who's not configured to use your proxy and let
the ones that are surf merrily along using the proxy to do their dns
lookups for them. That may be overkill and you might just be able to
configure a bind server to return the address, but I'm not sure how
and it's not as fun :P

>Or even better, can those
>people be MASQ'ed out to the Internet the same as the people with
>dynamic IPs?

Well, you're going to know which subnets they're coming from because
they'll have to use the ones your router is configured for to do
anything...so you'd just masq that subnet I guess. You would still
block the non-defined ones because they'd hit your rule and get
dropped.

>How would a situation involving 2 people with the same IP address be
>handled?

If they're using Windoze, both workstations will pop up a handy
little message that says there's a conflict, then you can go smack
the luser that plugged in. To prevent stuff like this from
happening, you can enable switch port security (assuming your switch
supports it) that locks the ports by MAC address, so if some weenie
plugs in he won't hurt anything (big pain in the butt to manage
though).

A really cool thing to do would be to pass the MAC addresses from the
assigned ip's in the dhcp server to an iptables script and MASQ based
on that, and drop everything else. MMMMmmmMMMmmm. Have fun and let
me know if there's anything I can help with on the specifics.

Tom Steele
Comm/Systems Engineer
Children's Hospital
[EMAIL PROTECTED]
Public Key can be found at
http://keyserver.nebraskacert.org
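
The MAC-based idea from the last paragraph of the reply, as an added example (not part of the original post and not the poster's own script). It assumes the DHCP server writes ISC dhcpd's leases file format; the interface names eth1 (LAN) and eth0 (WAN) are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases style; the file is a log, later records win.
SAMPLE_LEASES = """\
lease 172.16.0.10 {
  ends 3 2001/06/27 20:00:00;
  hardware ethernet 00:10:a4:7b:12:34;
}
lease 172.16.0.11 {
  ends 3 2001/06/27 12:00:00;
  hardware ethernet 00:50:04:aa:bb:cc;
}
lease 172.16.0.10 {
  ends 3 2001/06/27 21:00:00;
  hardware ethernet 00:10:a4:7b:12:99;
}
"""

# Strict patterns: only well-formed IPs and MACs can reach the generated rules.
LEASE_RE = re.compile(r"lease\s+(\d{1,3}(?:\.\d{1,3}){3})\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
MAC_RE = re.compile(r"hardware ethernet\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2});")

def active_leases(text, now):
    """Return {ip: mac} for unexpired leases. `now` is a naive UTC datetime."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        ends, mac = ENDS_RE.search(body), MAC_RE.search(body)
        leases.pop(ip, None)  # a newer record replaces any older one for this IP
        if ends and mac:
            expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
            if expiry > now:
                leases[ip] = mac.group(1).lower()
    return leases

def build_rules(leases, lan_if="eth1", wan_if="eth0"):
    """The mac match is not valid in POSTROUTING: filter in FORWARD, MASQ once."""
    rules = ["iptables -P FORWARD DROP", "iptables -F FORWARD",
             "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    for ip, mac in sorted(leases.items()):
        rules.append(f"iptables -A FORWARD -i {lan_if} -s {ip} -m mac --mac-source {mac} -j ACCEPT")
    rules.append(f"iptables -t nat -A POSTROUTING -o {wan_if} -j MASQUERADE")
    return rules

if __name__ == "__main__":
    now = datetime(2001, 6, 27, 19, 30)  # fixed time so the sample is reproducible
    print("\n".join(build_rules(active_leases(SAMPLE_LEASES, now))))
```

Anything without a current lease, including a statically configured laptop, falls through to the DROP policy. MAC addresses can be changed by the client, so this catches misconfigured machines rather than a determined user.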