HOW TO PROVIDE INTERNET ONLY FOR DHCP USERS?

ashrafmky
Hi,
I have a 2008 R2 server running a DHCP server, with an ADSL internet connection; my LAN also uses WiFi. I have enabled filtering on DHCP for handing out IPs: only clients whose MACs are allowed in the filter get a DHCP IP. But if a client has a manually set IP, it still works... So I want to block manual IPs from accessing the INTERNET?

Please help me....
    robo_dev

    While this is 'security through obscurity' it can help. Instead of something obvious like 192.168.0.1, make your gateway 191.168.0.254.

    Set up another router at 0.1 and disable its WAN interface.

    Are these children or adults? (Kids are smarter)

    JPElectron

    I'm guessing you're using MAC binding to only allow certain devices (to which you know the MAC) to get a DHCP address, and if it's not a "known device" it gets no IP? ...but you have users that are putting a static IP in and still getting internet?

    In your firewall, Deny UDP port 53 outbound, from any IP, except your internal server(s)
    On the internal DNS server, add firewall rules such that only the DHCP IPs can use DNS

    Also, create an ACL in your firewall/router to the internet...
    Allow [IPs that are part of the DHCP pool]
    Deny [all other IPs]

    ashrafmky

    Through the internal DNS server, Internet is not working. I configured a forwarder to the ISP provider's DNS.

    So I have given the ADSL router IP as the gateway for all my client PCs.

    So can you help me with how to connect to the Internet through the internal DNS SERVER?

    THANKS FOR YOUR REPLY

    r.herafi

    I would prefer an ACL based on MAC addresses instead of IP addresses, so you can guarantee that even if a user uses a static IP within your pool, they will not get access to the Internet.

    ashrafmky

    How do I make this?

    In our network we have a W2K8 R2 SERVER and a Linksys router. Apart from this, is there anything I need to buy? Please help me...
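
An added example, not part of any reply above: JPElectron's IP-range ACL stops static addresses outside the DHCP pool, while r.herafi's point is that a static address inside the pool still passes it. This Python script audits for both cases by comparing `arp -a` output taken on the server with the DHCP lease list; the pool range, addresses and MACs are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample data: every address and MAC below is made up.
POOL = (ipaddress.ip_address("192.168.0.100"), ipaddress.ip_address("192.168.0.150"))
INFRA = {"192.168.0.1", "192.168.0.10"}  # assumed gateway and DHCP/DNS server
LEASES = {  # IP -> MAC, as exported from the DHCP server
    "192.168.0.101": "00-1A-2B-3C-4D-01",
    "192.168.0.102": "00-1A-2B-3C-4D-02",
}
ARP_OUTPUT = """\
  Internet Address      Physical Address      Type
  192.168.0.1           00-1a-2b-aa-bb-01     dynamic
  192.168.0.101         00-1a-2b-3c-4d-01     dynamic
  192.168.0.102         00-1a-2b-ff-ff-99     dynamic
  192.168.0.120         00-1a-2b-ff-ff-77     dynamic
  192.168.0.200         00-1a-2b-ff-ff-55     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+(\w+)", re.I)

def norm_mac(mac):
    """Normalize dash- or colon-separated MACs to lowercase colon form."""
    return mac.lower().replace("-", ":")

def classify(ip, mac, leases):
    """Return a verdict for one (IP, MAC) pair seen on the LAN."""
    if ip in INFRA:
        return "infrastructure"
    if not POOL[0] <= ipaddress.ip_address(ip) <= POOL[1]:
        return "static-outside-pool"  # an IP-range ACL already denies this
    leased = leases.get(ip)
    if leased is None:
        return "static-in-pool-no-lease"  # an IP-range ACL lets this through
    if norm_mac(leased) != norm_mac(mac):
        return "static-in-pool-lease-conflict"  # leased to a different MAC
    return "leased"

def audit(arp_text, leases):
    """Parse `arp -a` style text and classify each dynamic entry."""
    verdicts = {}
    for line in arp_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            verdicts[m.group(1)] = classify(m.group(1), m.group(2), leases)
    return verdicts

if __name__ == "__main__":
    print("\n".join(f"{ip:15} {v}" for ip, v in audit(ARP_OUTPUT, LEASES).items()))
```

The server's ARP table only lists hosts that have recently talked to it, so the same comparison is more complete when fed the ARP table of the gateway itself.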
