Memli Robaj schrieb:
> sorry for asking again, but i just thought i could clear ur mind if i just
> Ask again but in a better way.
> i got a link from my ISP, with a simple router, i think its linux based,
> maybe MikroTik inside
> everyday from 20:00 till 22:00, a Host (black connected through any other
> customer) uploads packets with a speed of 2-3 mbit, the speed allowed from
> my ISP is maximum 256 up and 256 down kbps, i have no idea where this hosts
> gets this speed, its not blocked, it bypasses the ISP router and then my
> Network doesnt have any connection with the internet then, not even a ping
> to the ISP works...
> on the LAN interface, i created a network with 192.168.100.0/24, the LAN
> Interface (10.10.10.254/24) is connected with a switch, where all other
> Hosts connect to.
> ok so good so far, i used DHCP for addressing, with MAC Filtering (or
> however its called), so i have to add the MAC 1st, before a host can lease
> an IP, now im planing even to reserve each MAC an IP.
MAC-Filtering or assign a fixed IP to a MAC-address is no real security
feature, it is only a instrument which can be bypassed.
> Now on the Great thing, 2 problems, Hosts added on DHCP Server with the MAC
> Address, can configure the HOST manualy without activating the DHCP, and
> they get INTERNET, how do i avoid this, i dont want ANY host to access the
> internet without getting in touch with the DHCP server.
and yes the second
> one, the HOST that blocks my network with that massive upload, strikes
> again, and i cant block him, he's not registered on the MAC Table in the
> DHCP Server, and he still gets out, im speechless, i just dont understand
Have a look at the state table and block the ip, or better use a managed
switch and disable the port if the bad host is online.
Captive portal and / or a proxy whith authentication can solve the
problem, still the user knows the password.
> ps, back to the prot blocking, screenshots how to block ports on both
> interfaces, would be really good.
i don't understand.
"let's make the backup tomorrow"