ClearOS Feature Request
DHCP server with custom MAC address list
Hello Forum,
I was thinking and you might know an easy sollution for me.
In the past I was using CentOS 7 with dnsmasq and a converter located here: https://github.com/bertalanimre/dnsmasq-centos7
Basically I had a dnsmasq.source file with the MAC addresses and IP addresses and hostnames listed. Then I used the converter which created the necesarry files for dnsmasq to work. Then I jsut restarted the service and voiala. Only the MAC addresses that I've allowed were able to connect to the DHCP server.
In ClearOS I know I have to set the Authoritative mode off to allow only designated MAC addresses to connect but doing it on the webconfig seems slow and hard to observe for a report for example. Is there any way I can use the mentioned converter with ClearOS or just where do I have to set the MAC addresses for dnsmasq by default? I prefer doing this on the CLI if there is no more convinient way doing it on the webconfig.
Best Regards:
Bert
I was thinking and you might know an easy sollution for me.
In the past I was using CentOS 7 with dnsmasq and a converter located here: https://github.com/bertalanimre/dnsmasq-centos7
Basically I had a dnsmasq.source file with the MAC addresses and IP addresses and hostnames listed. Then I used the converter which created the necesarry files for dnsmasq to work. Then I jsut restarted the service and voiala. Only the MAC addresses that I've allowed were able to connect to the DHCP server.
In ClearOS I know I have to set the Authoritative mode off to allow only designated MAC addresses to connect but doing it on the webconfig seems slow and hard to observe for a report for example. Is there any way I can use the mentioned converter with ClearOS or just where do I have to set the MAC addresses for dnsmasq by default? I prefer doing this on the CLI if there is no more convinient way doing it on the webconfig.
Best Regards:
Bert
In DHCP Server
Share this post:
Responses (12)
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
@Imre
Yes create /etc/dnsmasq.d/allowed.conf an then add known hosts 1 per line
dhcp-host=20:1a:06:cd:34:38,dclaptop,192.168.2.250
dhcp-host=ec:35:86:84:ad:a5,kvrphone,192.168.2.251
and put dhcp-ignore=tag:!known in /etc/dnsmasq.conf
service dnsmasq restart. Then plug in an unknown device and see if an ip is given -
Accepted Answer
I see. However I think my point is misunderstood or lost in translation. Sorry if my English is not good enough.
The whole point of this is is to permit not known devices to connect to the network. I don't want somebody to walk in, put his notebook down, connect it to one of the ethernet ports on the wall (or if he knows somehow the WiFi password) and recieve an IP address. I wish to deny every DHCP request on the spot when they try to connect and they are unknown.
Duncan: So if I just create a file like
then it is enough to wrinte only the/etc/dnsmasq.d/allowed.conf
options in it and that's all?dhcp-host -
Accepted Answer
I would agree with Nick - it would be cleaner to have a fairly default /etc/dnsmasq.conf file and put extra configs into files in /etc/dnsmasq.d.
COS has the ability to set static IP address via the DHCP server gui (see attached). It puts an entry into /etc/hosts which prevents the ip from being given to any other host
Or you can do it via and configuration file like this e.g. /etc/dnsmasq.d/fixed
dhcp-host=MAC_ADDRESS,HOSTNAME,IPAttachments:
-
-
Accepted Answer
-
Accepted Answer
Duncan:
One more question please. You've stated that I'm supposed to write something like this (dhcp-host=40:b8:37:c3:0e:33,dcphone) into my /etc/dnsmasq.conf file. Currently my file looks like the following:
bogus-priv
cache-size=5000
conf-dir=/etc/dnsmasq.d
dhcp-lease-max=1000
domain-needed
domain=mycompany.bap
expand-hosts
no-negcache
port=53
resolv-file=/etc/resolv-peerdns.conf
strict-order
user=nobody
dhcp-ignore=tag:!known
So I should just copy-paste all the equipents in the office into the file and save it as it is?
In addition I have about 40 equipments I have to assign to a static IP and disallow anyone else to get an IP. Is what you've said is still the best if not the only possible option to make this available? For me it looks alike a major missing fof feature from ClearOS.
-
Accepted Answer
@Imre dhcp-authoritative setting means that the dhcp server will only allocate addresses within the dhcp scope for that network. So if for example a laptop has previously been on network 10.0.1.0 and has ip 10.0.1.50 and your dhcp server is on 192.168.1.0 then an authoritative dhcp server will reject the request and the client should ask for another lease. If authoritative is off the dhcp server will ignore the request.
As far as I understand authoritative does not deal with MAC addresses but IPs
You can set host names in /etc/dnsmasq.conf like this
dhcp-host=40:b8:37:c3:0e:33,dcphone
So /etc/ethers will assign an ip to 40:b8:37:c3:0e:33 and dnsmasq.conf will assign the host name. Fiddly to setup, but it does work
-
Accepted Answer
Nick: Thanks, I was looking for this file. However, I'm affraid of editing it directly, plus as you've stated, it doesn't contain the hostnames. I also affraid to use my old dnsmasq config on the live server. But I might give it a try at home in virtual environment. If it works, then I'll just use that and ignore the webconfig.
It would be nice tho to be able to add new leases with hostnames so if I install a workstation it automaticly updates it's own hostname according to the dhcp lease I've set to him on ClearOS.
Duncan: Isn't it enough to disable the Authoritative mode to ignore any unknown MAC address? -
Accepted Answer
-
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »