IPs security, any solution ...?


Post by wazim4_u » Mon Nov 14, 2005 2:37 am

Salam..!

I am running cable internet (LAN). The problem I am facing is that some clients on the network change their IP addresses and play with them, so they cause a lot of IP conflicts in the network. I have even bound the IPs to MACs. I will tell you the configuration.

Network = 192.168.1.0/24

Client IP (example) = 192.168.1.5/255.255.255.0

IP binding with MAC #

iptables -A FORWARD -i eth0 -s 192.168.1.5 -p all -m mac --mac-source 00:50:FC:91:71:3C -j ACCEPT

How can I stop clients from playing with IP changing?
Any solution? Please let me know.

Allah Hafiz
wazim4_u
Naik
 
Posts: 68
Joined: Mon Jun 13, 2005 10:38 pm
Location: Saudi Arabia (Riyadh)

Re:

Post by LinuxFreaK » Mon Nov 14, 2005 1:03 pm

Dear wazim4_u,
Salam,

For that you need to create a script which will check the MAC address and IP address every minute, and if someone is using anyone else's IP, then block them until you remove them from the blocked list!!

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Post by wazim4_u » Mon Nov 14, 2005 1:37 pm

Dear LinuxFreak
Salam...!
I am not a programmer, and not even good at scripts; I just know the basic concepts and operation of Linux. How can I get this script? Can you or someone else make it for me? I really need help with it.

Allah hafiz
wazim4_u
Naik
 
Posts: 68
Joined: Mon Jun 13, 2005 10:38 pm
Location: Saudi Arabia (Riyadh)

Re:

Post by LinuxFreaK » Tue Nov 15, 2005 3:33 am

Dear wazim4_u,
Salam,

wazim4_u wrote: I am not a programmer, and not even good at scripts; I just know the basic concepts and operation of Linux. How can I get this script? Can you or someone else make it for me? I really need help with it.


I don't have time for now because I am busy with my studies and work!!

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Post by wazim4_u » Wed Nov 16, 2005 5:12 am

Dear LinuxFreak
Salam
How long do I have to wait for this script? Do you think using DHCP with fixed IPs bound to MACs will help me, or would it be the same?
If anyone else can help me, please do.

Wasim
wazim4_u
Naik
 
Posts: 68
Joined: Mon Jun 13, 2005 10:38 pm
Location: Saudi Arabia (Riyadh)

Post by compucated » Fri Nov 25, 2005 4:34 pm

Well, the thing to understand is that you can't stop IP conflicts on the LAN if users are setting IP addresses manually.
There are two solutions: either take action physically, or buy and deploy an advanced switch with IP-MAC binding capability.

With new versions of manageable switches you can bind a client's IP-MAC address to its switch port, and the switch drops a non-associated source MAC-IP at the port without it going any further.

Moreover, with iptables you can just prevent unmatched IP-MAC sources from entering your Linux gateway; the IP conflict problem on the LAN will remain the same.

regards
Hamid Ashraf
compucated(at)msn(dot)com
compucated
Naik
 
Posts: 75
Joined: Mon Oct 13, 2003 5:06 am
Location: Karachi, Pakistan

Post by lambda » Sun Nov 27, 2005 1:19 pm

wazim4_u wrote: How long do I have to wait for this script?

you won't have to wait for long if you write it yourself.

you need to do something like this:

loop:
  ping all addresses on your network
  note their mac addresses
  check the ip address/mac address pairs against a text file (use "arp -na" to help)
  disable mac addresses of the changed machines
  wait one minute
  goto loop


don't know how to script? learn. you have the network, the large number of pcs to test with, and the users who you can't trust. not everyone else here has that setup. don't expect anyone to do your job for you.
lambda
Major General
 
Posts: 3451
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
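
One pass of the loop outlined in the post above, as an added example that is not part of anyone's post in this thread: it compares `arp -na` output with a bindings file and prints the iptables DROP rules it would apply. The bindings file format, the sample entries and the function names are assumptions; as compucated notes above, this only protects the gateway and does not stop conflicts on the LAN itself.

```shell
#!/bin/sh
# Added example: one pass of the "check pairs against a text file" step.

# Constructed sample of `arp -na` output (on a live gateway: arp -na | ...).
sample_arp() {
cat <<'EOF'
? (192.168.1.5) at 00:50:FC:91:71:3C [ether] on eth0
? (192.168.1.6) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.7) at <incomplete> on eth0
? (192.168.1.9) at 00:DE:AD:BE:EF:09 [ether] on eth0
EOF
}

# Constructed bindings ("IP MAC" per line, assumed format); first pair is from the thread.
sample_bindings() {
cat <<'EOF'
# ip          mac
192.168.1.5   00:50:fc:91:71:3c
192.168.1.6   00:AA:BB:CC:DD:06
EOF
}

# find_violations BINDINGS_FILE < arp-output
# Prints "IP SEEN_MAC EXPECTED_MAC" for each pair that breaks a binding.
find_violations() {
  awk '
    NR == FNR {                       # first file: load the allowed pairs
      if ($1 !~ /^#/ && NF >= 2) want[$1] = tolower($2)
      next
    }
    split($4, octets, ":") == 6 {     # skip <incomplete> entries
      ip = $2; gsub(/[()]/, "", ip); mac = tolower($4)
      expected = (ip in want) ? want[ip] : "unregistered"
      if (mac != expected) print ip, mac, expected
    }
  ' "$1" -
}

# block_rules BINDINGS_FILE < arp-output: prints (does not run) DROP rules.
block_rules() {
  find_violations "$1" | awk '!seen[$2]++ {
    print "iptables -I FORWARD -i eth0 -m mac --mac-source " $2 " -j DROP"
  }'
}

# Demo on the constructed data.
bindings=$(mktemp) && sample_bindings > "$bindings"
sample_arp | block_rules "$bindings"
rm -f "$bindings"
```

On a live gateway, pipe `arp -na` into `block_rules` in place of `sample_arp` and review the printed rules before applying them.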

Post by wazim4_u » Tue Nov 29, 2005 8:40 pm

Dear lambda
Salam...!
I am very thankful to all you experts for helping whenever needed and also showing the right way to walk. Yes, the two options you have given me are the only options; one of them I am doing. The scripting you told me to learn. Yes, I do not know how to script; I have never tried it before. But as you say, I should learn and do things on my own; that's right.

But I just need some help with it. I am ZERO in scripting. Tell me any site from where I can learn it; your recommended site, I mean. I will also try Google for it, inshallah.

Once again,
thanks a lot for your replies.

Wasim
wazim4_u
Naik
 
Posts: 68
Joined: Mon Jun 13, 2005 10:38 pm
Location: Saudi Arabia (Riyadh)

Re:

Post by LinuxFreaK » Wed Nov 30, 2005 11:30 am

Dear wazim4_u,
Salam,

You do not need to go anywhere; just read these man pages and I am sure you will get some idea :)

# man bash
# man grep
# man awk
# man sed
# man iptables


Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re: IPs security, any solution ...?

Post by syedbilalmasaud » Thu Dec 22, 2005 2:49 pm

wazim4_u wrote: Salam..!

I am running cable internet (LAN). The problem I am facing is that some clients on the network change their IP addresses and play with them, so they cause a lot of IP conflicts in the network. I have even bound the IPs to MACs. I will tell you the configuration.

Network = 192.168.1.0/24

Client IP (example) = 192.168.1.5/255.255.255.0

IP binding with MAC #

iptables -A FORWARD -i eth0 -s 192.168.1.5 -p all -m mac --mac-source 00:50:FC:91:71:3C -j ACCEPT

How can I stop clients from playing with IP changing?
Any solution? Please let me know.

Allah Hafiz

You can just do it using squid.
Install the arp package, check the arp acl for MAC addresses and allow only matched acls.
No other user will access squid.
Cheers :)

:D B I L A L :D
syedbilalmasaud
Naib Subedar
 
Posts: 347
Joined: Thu Aug 18, 2005 9:25 am
Location: Attock

Re:

Post by LinuxFreaK » Thu Dec 22, 2005 8:36 pm

Dear syedbilalmasaud,
Salam,

Don't you think he needs to reload squid again and again whenever he adds/removes a MAC?

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re: IPs security, any solution ...?

Post by nayyares » Thu Dec 22, 2005 10:39 pm

wazim4_u wrote: Salam..!

I am running cable internet (LAN). The problem I am facing is that some clients on the network change their IP addresses and play with them, so they cause a lot of IP conflicts in the network. I have even bound the IPs to MACs. I will tell you the configuration.

Network = 192.168.1.0/24

Client IP (example) = 192.168.1.5/255.255.255.0

IP binding with MAC #

iptables -A FORWARD -i eth0 -s 192.168.1.5 -p all -m mac --mac-source 00:50:FC:91:71:3C -j ACCEPT

How can I stop clients from playing with IP changing?
Any solution? Please let me know.

Allah Hafiz


Hello:

Here is the solution: http://www.aosp.net/projects/maccontroler.pdf - read it and send an email of thanks to the author :)

Cheers:
Nayyar Ahmad
RHCE, CCNA, OCP DBA
nayyares aT fedoraproject DoT org
blogs: nayyares.blogspot.com
nayyares
Battalion Quarter Master Havaldaar
 
Posts: 237
Joined: Tue Dec 13, 2005 10:47 pm
Location: JNB, SA

