IP & MAC Binding

Taking care of your Linux box.
asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar
Contact:

IP & MAC Binding

Post by asadsq »

Salam,

I am using Linux based OS "Clark Connect Enterprise Edition" which uses squid at back end for proxy services. I am facing problems that users change IP's of their PC's.
Please let me know if there is any method/technique through which I can bind IP with MAC address so that problem may be solved for ever :) .

Regards
Asad Siddiqui
Peshawar
Asad Zia Siddiqui
Peshawar
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

and what's to prevent your users from changing their ips and mac addresses?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
ather_36
Naik
Posts: 97
Joined: Thu Jul 31, 2003 11:38 am
Location: karachi
Contact:

Post by ather_36 »

Dear Asadsq,
Configure DHCP. I am sure it will resolve your problem.
Please find the link:-
http://www.linuxhomenetworking.com/wiki ... HCP_Server
Thanks & Regards
Athar Hussain
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

no, it won't.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Post by osama »

lambda wrote:no, it won't.
But DHCP might be the first step for this astronaut
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

But DHCP might be the first step for this astronaut
how, exactly?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
osama
Havaldaar
Posts: 117
Joined: Fri Aug 22, 2008 9:08 am

Post by osama »

He might not be using any service to assign IP and hence every user has to enter IPs manually.
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

going back to what i said earlier: what's to prevent your users from changing their ips and mac addresses to match a "valid" address?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar
Contact:

Post by asadsq »

Well
let me explain a bit
I have divided some section in to different subnets
For example
For faculty its 172.16.1.xx
For Researchers 172.16.2.xx
for hostels 172.16.3.xx
for IT Labs 172.16.4.xx

Now i want that IP's of Faculty may be BIND with their respective MAC's so that they might not change their IP etc
It happens that they change their IP to other subnet for nothing causing IP conflicts

Regards
Asad
Asad Zia Siddiqui
Peshawar
asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar
Contact:

Post by asadsq »

Also,

I am not using any DHCP n i don't want to use DHCP
as in our case it does not fit us
Asad Zia Siddiqui
Peshawar
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

you do know that you can assign static ips using dhcp, right?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar
Contact:

Post by asadsq »

No i don't know about this.
But
scenario is that we have already assigned IP's we already have all MAC's & it will be too difficult to have more exercise if we go for DHCP option (that what I think?)

Regards
Asad Zia Siddiqui
Peshawar
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

you can bind ip with mac address using iptables and ur user will only get through if their ip address and mac address matches your list. her is a little hint to do so.

Code: Select all

cat $MACDIR/mac.addresses | while read MACS
do
IP=`echo $MACS | awk '{print $2}'`
MAC=`echo $MACS | awk '{print $1}'`
$IPT -t mangle -A PREROUTING -i $NETWORK -s $IP -m mac --mac-source $MAC -j MARK --set-mark 1
done
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar
Contact:

Post by asadsq »

Is arp will be useful in this scenario?
Asad Zia Siddiqui
Peshawar
asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar
Contact:

Post by asadsq »

Dear x2oxen,

Could you please tell me that
IP will replace original IP?
& MAC will replace real MAC?
Asad Zia Siddiqui
Peshawar
Post Reply