General discussion



By arief ·
In our network, the router (Cisco 2600) is the DHCP and sits behind the firewall (3Com OfficeConnect). DNS is the Windows 2000 server. The firewall reports warnings such as users trying to surf a forbidden site; it shows the IP and MAC address of the violator, but since the router is the DHCP it shows the router's IP and MAC.
How can I get the violator's IP or MAC? (The router must be the DHCP in our network since we have several subnets and not all the PCs are in the network.)


by uofM In reply to Firewall

If I'm understanding you correctly... your router is INSIDE the firewall (?!?!). If this is the case, and you are trying to block access to certain sites (assuming you have a manageable number of them), you can simply use ACLs to block those sites, and log them. This should tell you the source address.


Do you have a proxy server running?

by awfernald In reply to Firewall

If not, then you should be getting the computer IP/MAC address of the person attempting to get to the web site.

Or.... hmmm, I take that back, is your Cisco 2600 router providing NAT services? I think this is going to prove the case.

The source of an individual computer's IP address, whether static or DHCP, will not have any bearing on what IP/MAC address shows up on your firewall; however, having either a proxy server or a NAT device between your clients and the firewall will result in this behaviour.

I'm not familiar enough with either the OfficeConnect or the Cisco 2600 to give you a fix for this, though.
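An ACL with logging on the router's client-facing interface, as uofM suggests, records each client's own address before any NAT that awfernald suspects. The Python below is an added example, not code from any poster in this thread: it tallies denied hits per inside source from Cisco IOS `%SEC-6-IPACCESSLOGP` syslog lines. The ACL number 110, the hostname `gw` and all addresses are constructed sample values.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the Cisco IOS %SEC-6-IPACCESSLOGP format,
# as written when an extended ACL entry ending in "log" matches traffic.
# ACL number, hostname and addresses are made up for this example.
SAMPLE_LOG = """\
Mar  1 10:02:11 gw 45: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.2.37(1042) -> 203.0.113.80(80), 1 packet
Mar  1 10:02:40 gw 46: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.3.14(1107) -> 203.0.113.80(80), 1 packet
Mar  1 10:07:12 gw 47: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.2.37(1042) -> 203.0.113.80(80), 4 packets
Mar  1 10:09:03 gw 48: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 192.168.2.50(1200) -> 198.51.100.7(80), 1 packet
Mar  1 10:09:30 gw 49: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
"""

# One ACL hit: list id, action, protocol, src(port) -> dst(port), packet count.
ACL_HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def denied_by_source(log_text, acl="110"):
    """Return a Counter of denied packets keyed by (inside source, destination)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ACL_HIT.search(line)
        # Skip unrelated syslog lines, other ACLs and permitted traffic.
        if m and m["acl"] == acl and m["action"] == "denied":
            hits[(m["src"], m["dst"])] += int(m["count"])
    return hits


if __name__ == "__main__":
    # Print the sources with the most blocked packets first.
    for (src, dst), packets in denied_by_source(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}: {packets} denied packet(s)")
```

The source addresses in the result are the clients' own, which can then be matched against the router's DHCP bindings to identify the machine.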
