DHCP server question

[Guest fL1]

I was wondering if there was a way to block statically assigned ip address's from reaching the internet. All our ip address's are assigned dynamically, but some users are changing there own to static, is there anyway to stop statically assigned numbers from reaching the internet? ie: forcing them to use the DHCP server.

 

thanks

[ranger]

I was wondering if there was a way to block statically assigned ip address's from reaching the internet.  All our ip address's are assigned dynamically, but some users are changing there own to static, is there anyway to stop statically assigned numbers from reaching the internet? ie: forcing them to use the DHCP server.

 

thanks

 

I haven't tried this before, mostly we run win2k or linux desktops, where users can't change admin-type settings themselves, but this might work:

 

1)Setup dynamic DNS on the DHCP server, so that a succesful lease will setup up forward and reverse DNS entries on your DNS server

 

2)Setup a firewall, forcing all internet access through the proxy

 

3)On the squid proxy, make an acl:

acl dhcp_users srcdomain .mydomain.com

 

Only users that have leased an IP should be matched by this ACL, except for static DNS entries

 

4)In the squid conf, do something like

http_access deny all

http_access allow dhcp_users

 

Shout if you don't know how to do one of those. Mandrake's SNF/MNF is quite easy so use for the firewall side of the picture (redirecting http traffic to a transparent proxy).

[Guest fL1]

thanks, i'm going to try that out on monday.