----- Original Message -----
From: "Dexter Ang" <[EMAIL PROTECTED]>
To: "Philippine Linux Users Group Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, September 30, 2003 10:43 PM
Subject: [plug] dhcpd + pool{} + allow/deny unknown clients
> Hello people,
>
> I was experimenting with dhcpd.conf (going through man dhcpd.conf), and
> read through the part about the pool of addresses. It said something
> about being able to set certain addresses ranges for known and unknown
> clients separately (for example, to block Internet access for unknown
> clients). It's sorta something like this:
>
> subnet 192.168.0.0 netmask 255.255.255.0 {
>   pool {
>     option domain-name-servers youhavenointernet.com;
>     range 192.168.0.200 192.168.0.220;
>     allow unknown clients;
>   }
>
>   pool {
>     option domain-name-servers 192.168.0.1;
>     range 192.168.0.10 192.168.0.20;
>     deny unknown clients;
>   }
> }
>
> After that long example, all I want to know is... how do you make a
> client "known"? Do I add in some config file the MAC Address? And
> advantages or disadvantages? I'm sure it's easier to do it with iptables
> and such, but I'm just poking around dhcpd right now for fun.
>
> If it's somewhere in the man pages of dhcpd.conf, please let me know as
> I can't seem to see it there.

It is there in the "allow deny and ignore in scope" section; see the
"unknown-clients" keyword...
It says there that to make the client known, it has a "host declaration"....
For example, for your dhcpd.conf:

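authoritative;
ddns-update-style none;
subnet 192.168.0.0 netmask 255.255.255.0 {
  # pool handed to clients without a host declaration
  pool {
    option domain-name-servers youhavenointernet.com;
    range 192.168.0.200 192.168.0.220;
    allow unknown clients;
  }
  # pool handed only to clients with a host declaration
  pool {
    option domain-name-servers 192.168.0.1;
    range 192.168.0.10 192.168.0.20;
    deny unknown clients;
  }
  # a:b:c:d:e:f and u:v:w:x:y:z are placeholders for the real MAC addresses
  host pc01 {
    hardware ethernet a:b:c:d:e:f;
  }
  host pc02 {
    hardware ethernet u:v:w:x:y:z;
  }
}
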
It means that pc01 and pc02, which are known hosts, will get the second part
of your pool declaration, while the unknown hosts will get the first part of
your pool declaration... But of course this is not effective for denying
unknown hosts access to the Internet... DHCP is just a protocol to assign
IP addresses to clients to ease the administration.. Use iptables' IP address
and MAC address firewalling instead to be effective...
fooler.
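
The iptables approach recommended in the reply, as an added example that is not part of the original thread: a script that reads a dhcpd.conf like the one above and prints FORWARD rules that accept only declared MAC addresses inside the "deny unknown clients" range and drop the rest of the subnet. The function names, the sample MAC address and the choice of the FORWARD chain are assumptions; the rules are printed for review, not applied.

```sh
#!/bin/sh
# Added example (not from the thread): derive iptables FORWARD rules from
# dhcpd.conf so the firewall, not DHCP, decides which clients are routed.
gen_rules() {            # dhcpd.conf text on stdin, iptables commands on stdout
    awk '
    function is_mac(m,   p, i) {             # six colon-separated hex octets
        if (split(m, p, ":") != 6) return 0
        for (i = 1; i <= 6; i++)
            if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]?$/) return 0
        return 1
    }
    { gsub(/;/, "") }                        # drop statement terminators
    $1 == "subnet" && $3 == "netmask" { net = $2 "/" $4 }
    $1 == "pool" { in_pool = 1; range = ""; known = 0 }
    in_pool && $1 == "range" { range = $2 "-" $3 }
    in_pool && $1 == "deny" && ($2 == "unknown-clients" || ($2 == "unknown" && $3 == "clients")) { known = 1 }
    in_pool && index($0, "}") { if (known) known_range = range; in_pool = 0 }
    # Placeholder or malformed addresses are skipped, never turned into rules.
    $1 == "hardware" && $2 == "ethernet" && is_mac($3) { macs[++n] = $3 }
    END {
        if (known_range == "" || net == "") exit 1   # nothing safe to emit
        for (i = 1; i <= n; i++)
            printf "iptables -A FORWARD -m iprange --src-range %s -m mac --mac-source %s -j ACCEPT\n", known_range, macs[i]
        printf "iptables -A FORWARD -s %s -j DROP\n", net
    }'
}

sample_conf() {          # constructed sample; the pc01 MAC is a made-up value
    cat <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.0 {
  pool {
    range 192.168.0.200 192.168.0.220;
    allow unknown clients;
  }
  pool {
    range 192.168.0.10 192.168.0.20;
    deny unknown clients;
  }
  host pc01 {
    hardware ethernet 00:16:3e:00:00:01;
  }
  host pc02 {
    hardware ethernet u:v:w:x:y:z;
  }
}
EOF
}
sample_conf | gen_rules
```

A client can change its own MAC address, so the ACCEPT rules raise the bar for unknown hosts rather than authenticate anyone.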