That might work. I believe there is a setting in dhcpd.conf that will
also restrict dhcpd to 1 lease per client. I guess I'll have to dig
further into that and hack my image to make it permanent.
A little background on this m0n0: it is protecting/bandwidth limiting a
set of college dorms from the internet-at-large. Though given the types
of traffic found on the internal LAN, perhaps I should be protecting
everyone else from them! Let's just say they put a hurting on the 10
Mbit pipe constantly, both up and down.
Anyway, what I think is going on here is that I have clients with 2
NICs, and Windows XP is set to bridge the 2, hence the client wants 2
addresses, but they appear to come from the same MAC. I'm not sure if
the bridging is intentional or not, but I have seen many XP laptops with
2 NICs that were bridged and I don't believe the users of these laptops
even knew what a bridge was. I saw a whitepaper somewhere on the
e2epi.internet2.edu site describing this exact problem, only the college
in that instance had so many bridged clients that they exhausted their
dhcp leases, causing quite a stir.
Just some info in case someone else runs into the same problem.
From: Ping Kwong [mailto:kwongp at midtown dot net]
Sent: Sunday, August 29, 2004 2:20 AM
To: Bryan Brayton; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] How to deny a client multiple dhcp addresses
Although I haven't tried it, I would assume you should be able to do
it by going to Services: DHCP and adding an entry for that person's MAC
address and forcing it an IP address based on that MAC. Who is to say
the person won't spoof a MAC address then and achieve the same result?
From: Bryan Brayton [mailto:bryan at sonicburst dot net]
Sent: Saturday, August 28, 2004 5:43 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] How to deny a client multiple dhcp addresses
I have a client pulling 2 dhcp addresses on the same mac address. How
do I go about restricting the dhcp service to 1 address per mac?
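One way to confirm the symptom discussed in this thread is to read the DHCP server's lease database and list every MAC address that currently holds more than one active lease. This is an added example, not code from the thread or from m0n0wall; it assumes the ISC dhcpd lease-file format, and the addresses, MACs and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax, one lease per line (times are UTC).
SAMPLE_LEASES = r'''
lease 192.168.1.52 { ends 0 2004/08/29 09:00:00; binding state active; hardware ethernet 00:0c:29:aa:bb:01; }
lease 192.168.1.50 { ends 0 2004/08/29 08:00:00; binding state active; hardware ethernet 00:0C:29:AA:BB:01; uid "\001}\014"; }
lease 192.168.1.51 { ends 0 2004/08/29 08:05:00; binding state active; hardware ethernet 00:0c:29:aa:bb:01; }
lease 192.168.1.60 { ends 0 2004/08/29 08:10:00; binding state active; hardware ethernet 00:0c:29:cc:dd:02; }
lease 192.168.1.52 { ends 0 2004/08/29 06:30:00; binding state free; hardware ethernet 00:0c:29:aa:bb:01; }
'''

QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')            # uid / hostname strings
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{([^{}]*)\}")   # one lease declaration


def _field(body, pattern):
    match = re.search(pattern, body)
    return match.group(1) if match else None


def parse_leases(text):
    """Return {ip: lease}. The file is an append-only log, so the last entry per IP wins."""
    text = QUOTED_RE.sub('""', text)  # braces inside quoted strings must not end a block
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        ends = _field(body, r"ends\s+\d\s+([\d/]+\s[\d:]+);")  # "ends never;" -> None
        leases[ip] = {
            "mac": (_field(body, r"hardware ethernet\s+([0-9A-Fa-f:]+);") or "").lower(),
            "state": _field(body, r"binding state\s+(\w+);"),
            "ends": datetime.strptime(ends, "%Y/%m/%d %H:%M:%S") if ends else None,
        }
    return leases


def macs_with_multiple_leases(text, now):
    """Map each MAC holding more than one unexpired active lease to its IPs."""
    by_mac = defaultdict(list)
    for ip, lease in parse_leases(text).items():
        unexpired = lease["ends"] is None or lease["ends"] > now
        if lease["mac"] and lease["state"] == "active" and unexpired:
            by_mac[lease["mac"]].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    print(macs_with_multiple_leases(SAMPLE_LEASES, datetime(2004, 8, 29, 7, 0, 0)))
```

On a live server, pass the contents of the lease file and `datetime.utcnow()` instead of the sample values.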