Memli Robaj wrote:
> sorry for asking again, but I just thought I could clear your mind if I just
> ask again but in a better way.
>
> I got a link from my ISP, with a simple router, I think it's Linux based,
> maybe MikroTik inside
> everyday from 20:00 till 22:00, a host (black connected through any other
> customer) uploads packets with a speed of 2-3 mbit, the speed allowed from
> my ISP is maximum 256 up and 256 down kbps, I have no idea where this host
> gets this speed, it's not blocked, it bypasses the ISP router and then my
> network doesn't have any connection with the internet then, not even a ping
> to the ISP works...

[...]

>
> on the LAN interface, I created a network with 192.168.100.0/24, the LAN
> interface (10.10.10.254/24) is connected with a switch, where all other
> hosts connect to.
>
> ok so good so far, I used DHCP for addressing, with MAC filtering (or
> however it's called), so I have to add the MAC 1st, before a host can lease
> an IP, now I'm planning even to reserve each MAC an IP.

MAC filtering or assigning a fixed IP to a MAC address is no real security feature; it is only an instrument which can be bypassed.

>
> Now on the great thing, 2 problems, hosts added on DHCP server with the MAC
> address, can configure the host manually without activating the DHCP, and
> they get INTERNET, how do I avoid this, I don't want ANY host to access the
> internet without getting in touch with the DHCP server.

You can't avoid this with only a firewall; you need an accounting solution.

> and yes the second
> one, the host that blocks my network with that massive upload, strikes
> again, and I can't block him, he's not registered on the MAC table in the
> DHCP server, and he still gets out, I'm speechless, I just don't understand
> it.

Have a look at the state table and block the IP, or better, use a managed switch and disable the port if the bad host is online.
Captive portal and/or a proxy with authentication can solve the problem, still the user knows the password.

>
> ps, back to the port blocking, screenshots how to block ports on both
> interfaces, would be really good.

I don't understand.

bye
christoph

--
last words: "let's make the backup tomorrow"