Board index Linux Networking

binding IP Address to MAC Address (newbie)

binding IP Address to MAC Address (newbie)

Post by Father Parthenio » Fri, 18 Aug 2000 04:00:00



-running RH 5.2 with ip masquerading (ipfwadm)

-using 32 bit addressing to masquerade the machines one by one, e.g., for
192.168.1.3 machine:

ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0

The problem is I have several IP numbers I have to masquerade for drop
connections. I have other machines on the network for which I can't allow
internet access. I would like to prevent these machines from stealing one of
the "free" masqueraded IP numbers by changing the IP address on their
machine and thus using the masqueraded connection.

==> I think I would like to bind the MAC address to the IP address and
disallow any illegal IP/MAC combination.

How do I do it? I was told this is where arp comes in.

--
Father Parthenios

 
 
 
Top

binding IP Address to MAC Address (newbie)

Post by David K. Mean » Sun, 20 Aug 2000 04:00:00


  This is what routers are for.  You ought to isolate the untrusted machines
on a separate
subnet, and disallow masquerading that way.  In that scenario, even if an
untrusted machine
changed its IP address, it would not get any satisfaction, because the
router would refuse
to forward the (return) packets to it.
  Depending on the data rate you expect such machines to supply, an old 486
running Linux
might make a dandy router.  Then you could put packet filtering and logging
on it, and catch
any malefactors right away.

> -running RH 5.2 with ip masquerading (ipfwadm)

> -using 32 bit addressing to masquerade the machines one by one, e.g., for
> 192.168.1.3 machine:

> ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0

> The problem is I have several IP numbers I have to masquerade for drop
> connections. I have other machines on the network for which I can't allow
> internet access. I would like to prevent these machines from stealing one
of
> the "free" masqueraded IP numbers by changing the IP address on their
> machine and thus using the masqueraded connection.

> ==> I think I would like to bind the MAC address to the IP address and
> disallow any illegal IP/MAC combination.

> How do I do it? I was told this is where arp comes in.

> --
> Father Parthenios



 
 
 
Top

binding IP Address to MAC Address (newbie)

Post by Mar » Sun, 20 Aug 2000 04:00:00


Or add a thrid NIC card to end up with 2 separate subnets and setup
the FW to stop the second subnet from letting there traffic out

Mark Fowle

On 19 Aug 2000 22:51:47 GMT, "David K. Means"


>  This is what routers are for.  You ought to isolate the untrusted machines
>on a separate
>subnet, and disallow masquerading that way.  In that scenario, even if an
>untrusted machine
>changed its IP address, it would not get any satisfaction, because the
>router would refuse
>to forward the (return) packets to it.
>  Depending on the data rate you expect such machines to supply, an old 486
>running Linux
>might make a dandy router.  Then you could put packet filtering and logging
>on it, and catch
>any malefactors right away.


>> -running RH 5.2 with ip masquerading (ipfwadm)

>> -using 32 bit addressing to masquerade the machines one by one, e.g., for
>> 192.168.1.3 machine:

>> ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0

>> The problem is I have several IP numbers I have to masquerade for drop
>> connections. I have other machines on the network for which I can't allow
>> internet access. I would like to prevent these machines from stealing one
>of
>> the "free" masqueraded IP numbers by changing the IP address on their
>> machine and thus using the masqueraded connection.

>> ==> I think I would like to bind the MAC address to the IP address and
>> disallow any illegal IP/MAC combination.

>> How do I do it? I was told this is where arp comes in.

>> --
>> Father Parthenios


 
 
 
Top

binding IP Address to MAC Address (newbie)

Post by Peter Mitchel » Sun, 20 Aug 2000 04:00:00


You can use dhcp to assign an IP number to a particular MAC
address. However there are some possible holes

  It is possible for a machine to return a MAC address other
than the real one.
  I am not sure whether a machine that has its own address
will still work if it is within the relevant subnet range,
but I suspect it will.

All in all the router solution sounds better

Peter

* Sent from AltaVista http://www.altavista.com Where you can also find related Web Pages, Images, Audios, Videos, News, and Shopping.  Smart is Beautiful

 
 
 
Top

1. Binding a single IP Address to two different MAC addresses

Hello.

I have a requirement, wherein I have two NICs on a single host. One of
the NIC would be in a standby state. The idea is to provide
hotstandby, in case the first NIC fails the second NIC takes over.
Both the NICs are configured for DHCP IP and as far as I know, the
DHCP Server binds the IP with the MAC Address provided.

In my case I need to get the same IP for both the NICs despite them
having different MAC Addresses, basically because the host is the same
and much of the host configuration is tied up with the IP.  I checkced
the DHCP server man pages, it states the IP can also be bound to a
"Client Identifier".

So, to make sure I get the same IP both these NICs, should I set the
"client Id" like a host name and send the DHCP Discover message?
Please advice if there is some kind of configuration needs to be done
on the server side too?

Thanks
Ramesh

2. cd'ing to remote sites

3. WANTED: pingmac <IP ADDR> which returns <MAC ADDRESS of IP ADDRESS>

4. Debian 2.2 virtual consoles

5. IP Masquerading with IP Address and Mac Address Restrictions

6. Finger

7. Determining IP address from MAC address

8. Pipe line

9. MAC Address From IP Address

10. change MAC address can change IP address of a machine?

11. using mac address instead of an IP address of hostname

12. how to convert mac address to ip address

13. new IP address for the same MAC address


All times are UTC
Board index