Date: Tue, 23 Jan 1996 19:39:35 +1030 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: dwhite@resnet.uoregon.edu Cc: questions@freebsd.org Subject: Re: Static vs. BootP: Try 3 Message-ID: <199601230909.TAA22987@genesis.atrad.adelaide.edu.au> In-Reply-To: <Pine.BSF.3.91.960122210802.1683O-100000@gdi.uoregon.edu> from "Doug White" at Jan 22, 96 10:10:57 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Doug White stands accused of saying: > > Hello! I'll rewrite it this time... Scary, you didn't hear anything from last time? > What would you suggest for managing IP assignment in a medium-sized > network? bootp, or rigid policing. > UO Residence Networking is looking at a new solution for address > assignment in our residence hall network. We are currently just > assigning an IP to each person that signs up. Unfortunately, we're > hitting some of the limitations of this program, mainly getting duplicate > IP addresses even though we've been religious in our record-keeping. > Which means the students are playing with the net configurations. :( Ouch. > We've also been looking at bootp. FreeBSD has a good bootp server, and > we have a machine available to run it. We like this option, but then we > have to depend on a machine running, and (correct me on this) some > network cards can change their ethernet addresses. And can someone just This is correct, but to do anything useful the user would have to change their ether address to match someone else's. At that point both of them are screwed, and it's Not Your Fault. Chasing the perp becomes a pain though. > plug in an IP address anyway and "hack" their way on the net and not > solve our problem at all? > > As you can see, I'm pretty lost on this :) I'd suggest you use the bootp approach; grill the user for their card's IP address (or instruct them to bring the card to you & stick it in a machine and arp at it), add them to your bootp database. I presume you have your inmates 8) hung off their own router/firewall/etc, you should insert host interface routes on this for all your unassigned IP's to an unconnected interface. For FreeBSD, you'd configure up a kernel with a tun interface, and then say : ifconfig tun0 inet 10.0.0.1 route add -host 1.2.3.4 -interface 10.0.0.1 This will effectively drop any packet for 1.2.3.4 on the floor. You could probably do something similar with the ipfw stuff. > Doug White | University of Oregon -- ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[ ]] Genesis Software genesis@atrad.adelaide.edu.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control (ph/fax) +61-8-267-3039 [[ ]] "Who does BSD?" "We do Chucky, we do." [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601230909.TAA22987>