Hi all, I have 2 questions; actually I have 2 problems and I need your help.
The case is: there is a network with 20 users. I will assign an IP address to every MAC, and I want to prevent the users from changing their IP address. I mean I want to assign x IP to x MAC, and if the user changes his IP he doesn't pass through the router.
Any help?
There is another thing: I want to give every IP or every MAC a certain bandwidth, meaning I want to maximize the bandwidth for every user to xkp.
Any help?
Best regards
First, about your 1st question: you have to add this to your /etc/dhcpd.conf
host haagen { hardware ethernet 08:00:2b:4c:59:23; fixed-address 192.168.1.222; }
I think it's clear: it will assign this 08:00:2b:4c:59:23 to this IP 192.168.1.222
For the second question, I think you should google for a traffic shaping script like wondershaper or something like QoS in SpeedTouch.
Thank you all
Diaa, thank you for your help, but that is not what I want.
What if the user changed his IP? He still has access to the internet.
There is an option on Cisco switches that assigns a MAC address to a specific port;
if you plug that MAC into another switch port it doesn't work.
I need the same for IP/MAC: if he changed IP he doesn't have access to the internet.
The second problem: I want to restrict bandwidth for downloading, not for HTTP connections. I want to allow them to browse all sites, but when they begin to download they never get a rate higher than 5kp or 10 k.
Thank you very much for your time.
Best regards
I'll tell you my idea, Not sure it'll work:
iptables, Policy to drop all.
allow outside connections if and only if the mac address and the IP combination are valid.
--mac-source and --source
WWW: The place for organized randoms!
EGLUG Admin..
Arabeyes Core Member.
Free Software Foundation Associate Member.
I think it may work. Would you please give me the full command?
Let's say IP: 192.168.1.1
MAC : 00-0e-50-3e-7f-4f
Best regards
man iptables
I gave you the basic idea and a tip, You are on your own!
WWW: The place for organized randoms!
EGLUG Admin..
Arabeyes Core Member.
Free Software Foundation Associate Member.
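The idea from the posts above (policy drop, forward only when source IP and source MAC match a known pair) written out as an added example; it is not part of any poster's message. The interface name `eth1`, the second binding and the function names are assumptions; the first binding is the pair quoted in the thread.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that forwards LAN traffic
# only when source IP and source MAC match a registered pair.
LAN_IF=eth1   # assumption: LAN-facing interface of the Linux router

# "IP MAC" per line. First pair is the one quoted in the thread; the second
# is constructed sample data.
BINDINGS='192.168.1.1 00-0e-50-3e-7f-4f
192.168.1.2 00:0E:50:3E:7F:50'

# Print the MAC as lower-case, colon-separated; fail if it is malformed.
norm_mac() {
    m=$(printf '%s' "$1" | sed 's/-/:/g' | tr 'ABCDEF' 'abcdef')
    printf '%s\n' "$m" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$m"
}

# gen_ruleset "<bindings>": write the ruleset to stdout, return 1 on bad input.
gen_ruleset() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'      # policy: drop everything not allowed below
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies travelling back towards the LAN for connections already allowed
    echo "-A FORWARD -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r ip mac; do
        [ -n "$ip" ] || continue
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
            { echo "bad IP: $ip" >&2; return 1; }
        mac=$(norm_mac "$mac") || { echo "bad MAC for $ip" >&2; return 1; }
        # A packet from the LAN passes only if BOTH address and MAC match
        echo "-A FORWARD -i $LAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
    done <<EOF
$1
EOF
    echo 'COMMIT'
}

gen_ruleset "$BINDINGS"
```

The output is meant to be reviewed and then loaded with `iptables-restore`, which replaces the current filter table. A user who changes only the IP no longer matches any pair and is dropped; a user who copies both the IP and the MAC of another machine still passes.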
use squid
You can restrict access to the internet through many ACLs in squid: you have dstdomain and src IP, and you also have the arp ACL, so you can set an ACL with arp to be primed or allowed. (I am not sure if this will be applied to the overall download rate.)
I thought users will not have permission to change their IP.
Diaa Radwan
Diaa, squid is not a bandwidth shaper; it says yes or no and won't give him a certain speed.
And yes, users will have permission to change their IP. Any ideas on how to make it possible that if they changed their IP they don't get internet access?
People, think with me; one day you will face it.
Thanks for your help.
squid to have internet access or not
>And yes, users will have permission to change their IP. Any ideas on how
>to make it possible that if they changed their IP they don't get internet
>access?
This is why you *may* use squid.
Squid could be used to limit HTTP traffic through delay pools. I know it, you may use any tc for this.
Diaa Radwan
filter by mac address
You can filter by MAC address in iptables, and you can use QoS to manage bandwidth.
Look into the firewall docs for the first, and at LARTC for the second question.
What you cannot do without a managed switch is prevent users from setting a MAC address from another computer.
By the way, QoS requires a whole set of commands and is quite complicated, but iptables provides some built-in bandwidth limits aside from QoS.
You usually use iptables to mark the packets or drop them, or trap them, or do weird things to them.
- I'm a code junkie security enthusiast
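The "whole set of commands" that a per-client cap takes with tc, as an added example that is not part of the post above. It assumes `eth1` is the router's LAN-facing interface on a 100 Mbit link, reads the thread's 10 and 5 as kilobytes per second, and uses constructed client addresses; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: print the tc (HTB) commands that cap the download rate of
# each listed client. Shaping is done on egress of the LAN-facing interface,
# i.e. on traffic leaving the router towards the clients.
LAN_IF=eth1          # assumption: LAN-facing interface
LINK_RATE=100mbit    # assumption: speed of the LAN link

# Constructed sample: "client-IP cap-in-kilobytes-per-second" per line
CAPS='192.168.1.1 10
192.168.1.2 5'

# gen_tc "<caps>": write the commands to stdout, return 1 on bad input.
gen_tc() {
    # Root HTB qdisc; traffic that matches no filter below is not shaped
    echo "tc qdisc add dev $LAN_IF root handle 1: htb"
    echo "tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $LINK_RATE"
    n=10   # class minor ids; tc reads them as hex, they only need to be unique
    while read -r ip kbytes; do
        [ -n "$ip" ] || continue
        case $kbytes in
            ''|*[!0-9]*) echo "bad rate for $ip" >&2; return 1 ;;
        esac
        kbit=$((kbytes * 8))   # tc's "kbit" is kilobits/s: 10 kB/s = 80kbit
        # rate = ceil, so the client can never borrow above its cap
        echo "tc class add dev $LAN_IF parent 1:1 classid 1:$n htb rate ${kbit}kbit ceil ${kbit}kbit"
        # Steer packets addressed to this client into its class
        echo "tc filter add dev $LAN_IF protocol ip parent 1: prio 1 u32 match ip dst $ip/32 flowid 1:$n"
        n=$((n + 1))
    done <<EOF
$1
EOF
}

gen_tc "$CAPS"
```

The cap applies to everything sent to the client, browsing and downloads alike.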
arp
"What you cannot do without a managed switch is to prevent users to set a mac address from another computer" .. What do you mean?
If you mean that I can prevent them from doing MAC spoofing, I think I have a script for something like that.
BTW, does anyone have something against ARP spoofing, where someone spoofs the ARP tables and tells all nodes that he is the gateway or that he is a certain node so he can sniff the traffic?
There are Cisco switches against that, but is there any GPL software you know?
I mean certain file types like .exe, .zip, and the browsing won't be affected if I maximized the download to 10k, but the downloading will be affected. And I meant squid restricts access to certain web sites.
well
They will all be affected equally, they'll all slow down, but sure, you could do that in pure iptables.
I meant squid restricts access to certain websites
Sure if you want, or you can just reject requests to those IPs.
- I'm a code junkie security enthusiast
i hope this will help.
Really, I hope these scripts will help: check Fair NAT for Linux Routers. And if you'll use squid, I guess there are like magic words to set all the *zip, *exe and any extensions to = xKb ... I hope I helped; I don't have that much experience with squid.
peace
Live Free Or Die...
Try IEEE 802.1x on your switches; it can add MAC and/or IP filters on the different switch ports based on a username and password combination on the PC itself or even its own MAC address. Green Data http://www.geocities.com/gr33ndata/
Run DHCP and restrict IPs by MAC address; add them manually in your dhcp.conf.
On the next boot users will have pre-assigned IP addresses according to your dhcp.conf. You can also increase the lease time to 15 days or something; users will never shut down their PCs for more than 15 days, but DHCP will give out IPs as it pleases in this case.
Do you want to have traffic shaping, or do you want to limit bandwidth on browsing some sites/hosts? If you want it on browsing, run squid delay pools to restrict bandwidth on clients when browsing HTTP/FTP. I use it, it's perfect, and it chokes the users and saves bandwidth.
Diaa Radwan