How blocks clients (from internet)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How blocks clients (from internet)

Pol Hallen
Hi all :-)

I've this config. "option routers" is commented (and also ip-forwarding is
to off), my mobiles instead can connect to internet. How I permanently
blocks all mobiles from internet?). If a client known IP of routers can
use static IP and add also IP of routers to goes to internet. What's the
best way?
Thanks for help!

Pol

subnet 192.168.1.0 netmask 255.255.255.0 {
        range                           192.168.1.150 192.168.1.199;
        max-lease-time                  7200;
        default-lease-time              600;
        option ip-forwarding            off;
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.1.255;
        option domain-name-servers      192.168.1.212, 8.8.8.8;
        option netbios-name-servers     192.168.1.212;
#       option routers                  192.168.1.212;
        option ntp-servers              192.168.1.212;
        option domain-search            "example.com";
        ddns-domainname                 "example.com";
        ddns-rev-domainname             "in-addr.arpa";
        option domain-name              "example.com";
        option domain-search            "example.com";
        }


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Reply | Threaded
Open this post in threaded view
|

Re: How blocks clients (from internet)

Ben Humpert
2015-03-20 13:04 GMT+01:00 Pol Hallen <[hidden email]>:
> Hi all :-)
>
> I've this config. "option routers" is commented (and also ip-forwarding is
> to off), my mobiles instead can connect to internet. How I permanently
> blocks all mobiles from internet?). If a client known IP of routers can
> use static IP and add also IP of routers to goes to internet. What's the
> best way?
> Thanks for help!

You can't do that with DHCP. You'll have to add a firewall rule
(iptables for example). The easiest solution might be placing the
mobile users into their own subnet and block all LAN <-> WAN traffic
for that subnet. If you are already working with VLAN you could
disallow the mobile users VLAN to talk to the router (and vice-versa)
but the effort for implementing VLAN just for blocking internet
traffic is not worth it.
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users