From: Raymond Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: spoofing client IP configuration
Date: 13 Mar 2003 14:39:48 +0200 [thread overview]
Message-ID: <1047559187.1453.9.camel@raylinux.internal> (raw)
In-Reply-To: <5.2.0.9.0.20030313071936.03245590@yeagerautomation.com>
[-- Attachment #1: Type: text/plain, Size: 1625 bytes --]
On Thu, 2003-03-13 at 14:19, Doug Yeager wrote:
> o.k.,
> managing a public WLAN, people have all sorts of IP configurations preset
> on their clients (not all are dhcp clients enabled).
> i am currently running a DHCP server and it works *MOST* of the time. the
> ultimate solution would be to somehow ignore the client ip configuration
> and map to the clients on the server side based on their mac address, or
> something like that. i know this is possible because there are hotels that
> do this kind of thing.....some terms like "nomadic server" have popped up.
>
> i want the server to route based on local addresses, so this service
> hopefully would run at the mac level.
> the public wlan currently runs:
> nocat gateway
> HostAP
> Iptables firewall
> DHCPD (server in question by this email)
>
> any alternatives to DHCP that do this would be great....i just want people
> configured to their work ip configs to be able to get on. would moving to
> 802.11 auth help? i don't think so because after authentication you still
> need an IP to do anything...unless i'm thinking about this wrong.
>
The dhcpd that ships with most distros can do ip allocation based on mac
addresses. There are sample configs in the docs.
Mixing fixed ips and dhcp is always a messup. You will endlessly be
maintaining the reserved lists on the dhcp server.
Define an ip strategy AND stick to it ...
e.g.
xxx.xxx.xxx.1-9 routers
xxx.xxx.xxx.10-50 servers
xxx.xxx.xxx.51-100 printers, coffee machines, etc.
xxx.xxx.xxx.101-254 workstations, pda's, etc.
HTH
Ray
> thx,
> doug
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2003-03-13 12:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-13 12:19 spoofing client IP configuration Doug Yeager
2003-03-13 12:39 ` Raymond Leach [this message]
-- strict thread matches above, loose matches on Subject: below --
2003-03-13 11:58 Doug Yeager
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1047559187.1453.9.camel@raylinux.internal \
--to=raymondl@knowledgefactory.co.za \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox