Hi,
I have an e-smith 4.1.1 server currently giving good service. We have a particular requirement though. We must bind client machines to an IP address, because we account for traffic on a per-IP basis.
There is still a facility I would like to implement:
I have dhcp set to hand out IPs to those that I want to give them to. I get their MAC addr and add an entry to the Hosts list in the e-smith manager, assigning them an IP. This results in a list of hosts in dhcpd.conf, and their required MAC addrs.
It works, if the clients set their machines to use dhcp to get their IP addr, and they use the same NIC every time they use the network. If a host appears on the network, and the MAC addr is not known in dhcpd.conf, it won't hand one out, which is good, but then an "alien" on the network can just choose an IP in the correct subnet, and they have full access to everything, and they are not having their traffic accounted correctly.
What I want to do is use the list of valid IPs in dhcpd.conf to restrict *everything*. That is, if the IP does not appear in dhcpd.conf hosts, then don't allow anything. No routing, no forwarding, nothing!!!
Just a quick hint as to where I should add the rules is all I'll need. I have had a look at hosts.allow, and it just doesn't quite make sense to me, as I am unfamiliar with the format used. I am able to whip up a script to extract what I need from dhcpd.conf.
Cheers,
Michael
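
The allowlist idea asked about above, as an added example that is not part of the original post: it parses the host entries in dhcpd.conf and emits default-deny forwarding rules that accept only the listed IP and MAC pairs. The sample configuration is constructed, and the iptables rule syntax and the eth0 interface name are assumptions; the packet filter on the server in question may use a different syntax.

```python
import re

# Constructed sample in ISC dhcpd.conf syntax (not taken from the original post).
SAMPLE_DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.65 192.168.1.250;   # dynamic pool, not a host binding
}
host pc-accounts {
    hardware ethernet 00:A0:C9:11:22:33;
    fixed-address 192.168.1.10;
}
# host old-laptop { hardware ethernet 00:a0:c9:aa:bb:cc; fixed-address 192.168.1.11; }
host pc-frontdesk { hardware ethernet 00:a0:c9:44:55:66; fixed-address 192.168.1.12; }
host no-ip { hardware ethernet 00:a0:c9:77:88:99; }
"""

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^{}]*)\}")
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s*;")
IP_RE = re.compile(r"fixed-address\s+(\d{1,3}(?:\.\d{1,3}){3})\s*;")


def parse_hosts(conf_text):
    """Return [(name, ip, mac)] for host blocks that bind a MAC to a fixed IP."""
    # Strip '#' comments first so a commented-out host is never allowed.
    text = re.sub(r"#[^\n]*", "", conf_text)
    hosts = []
    for name, body in HOST_RE.findall(text):
        mac, ip = MAC_RE.search(body), IP_RE.search(body)
        if mac and ip:  # skip entries with no fixed address
            hosts.append((name, ip.group(1), mac.group(1).lower()))
    return hosts


def build_rules(hosts, lan_if="eth0"):
    """Build default-deny FORWARD rules (iptables syntax and lan_if are assumed)."""
    rules = ["iptables -P FORWARD DROP", "iptables -F FORWARD"]
    for _name, ip, mac in hosts:
        # Matching the MAC as well stops an unknown NIC from borrowing a listed IP.
        rules.append(f"iptables -A FORWARD -i {lan_if} -s {ip} "
                     f"-m mac --mac-source {mac} -j ACCEPT")
    # Let replies to accepted connections back in; everything else hits DROP.
    rules.append("iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT")
    return rules


if __name__ == "__main__":
    print("\n".join(build_rules(parse_hosts(SAMPLE_DHCPD_CONF))))
```
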