On Feb 4, 2008 10:12 PM, Brian Richardson <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Here's my problem and my current understanding:
>
> I have 3 interfaces in my WAP box, external, internal and wireless.
>
> I'd like to have MAC filtering for addresses with access to the external
> network, but allow guests to connect to the wireless network to help
> with copying files around in the same room.
>
> I need to run dhcpd on both the internal interface and the wireless
> interface as guests might not have wireless. ALL clients on the wireless
> network MUST use DHCP to obtain their address.
>
> My dhcpd.conf is as follows:
>
> --
> shared-network LOCAL-NET {
>     option domain-name "example.org";
>     option domain-name-servers 192.168.1.1;
>
>     subnet 192.168.1.0 netmask 255.255.255.0 {
>         option routers 192.168.1.1;
>         range 192.168.1.32 192.168.1.127;
>     }
>
>     host laptop {
>         hardware ethernet 00:de:ad:be:ef:00;
>         fixed-address 192.168.1.10;
>     }
> }
>
> shared-network WIRELESS-NET {
>     option domain-name "example.org";
>     option domain-name-servers 192.168.1.1;
>
>     subnet 192.168.2.0 netmask 255.255.255.0 {
>         option routers 192.168.2.1;
>         range 192.168.2.32 192.168.2.127;
>     }
>
>     host laptop-wireless {
>         hardware ethernet 11:de:ad:be:ef:11;
>         fixed-address 192.168.2.10;
>     }
> }
> --
>
> So, the problem is that dhcpd listens on both ends of the bridge that
> would be used for MAC filtering. DHCPDISCOVER requests are acknowledged
> on both interfaces, and the wireless client will receive a random
> address from either the internal or wireless network. laptop does not
> consistently receive its fixed address. I understand why this is so, as
> the DHCPDISCOVER/DHCPOFFER packets cannot be filtered in BPF. HOWEVER, I
> have been unable to find dhcpd configuration which will prevent the
> request from being processed on both interfaces. If I turn off the
> bridge, I lose the MAC filtering. Is there any way I can have the setup
> I desire? Not all registered MAC addresses will have a fixed-address, so
> I can allow a guest access to the external network by simply adding
> their MAC address to the bridge.
>
> Thanks,
> Brian

First, I don't see your fixed-address hosts getting a router option.
Also, my fixed-address hosts are part of the subnet, not outside it.
Lastly, I don't have the shared-network "wrappers" around my subnet
definitions, but that seems like an omission on my part.

Anyways, I've effectively got this same physical setup and it works
perfectly in 4.1.  Your laptop has two interfaces and a different MAC
for each; assuming everything is configured right, dhcpd will give out
the fixed IP mapped to the requesting MAC address.  If you don't want
both LAN and WLAN addresses, shut down the interface you don't care
about.

Good luck.

--david
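
An added example, not part of either message above: a short script that confirms the symptom Brian describes from dhcpd's syslog output, by flagging any client MAC that was offered leases via more than one interface or from more than one shared-network. The log lines are constructed, the interface names em1 and ral0 are assumptions, and the script assumes dhcpd's usual "DHCPOFFER on <ip> to <mac> via <interface>" line format.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Subnets taken from the dhcpd.conf quoted in the thread.
SUBNETS = {
    "LOCAL-NET": ip_network("192.168.1.0/24"),
    "WIRELESS-NET": ip_network("192.168.2.0/24"),
}

# Constructed sample syslog lines; interface names (em1, ral0) are assumptions.
SAMPLE_LOG = """\
Feb  4 21:50:01 wap dhcpd[412]: DHCPDISCOVER from 00:de:ad:be:ef:00 via ral0
Feb  4 21:50:01 wap dhcpd[412]: DHCPOFFER on 192.168.2.33 to 00:de:ad:be:ef:00 via ral0
Feb  4 21:50:01 wap dhcpd[412]: DHCPDISCOVER from 00:de:ad:be:ef:00 via em1
Feb  4 21:50:01 wap dhcpd[412]: DHCPOFFER on 192.168.1.10 to 00:de:ad:be:ef:00 via em1
Feb  4 21:52:10 wap dhcpd[412]: DHCPDISCOVER from 00:aa:bb:cc:dd:01 via em1
Feb  4 21:52:10 wap dhcpd[412]: DHCPOFFER on 192.168.1.40 to 00:aa:bb:cc:dd:01 via em1
"""

# Optional "(hostname)" between the MAC and "via" is tolerated.
OFFER = re.compile(
    r"DHCPOFFER on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9a-fA-F:]{17})"
    r"(?: \(.*?\))? via (?P<ifc>\S+)"
)

def network_of(ip):
    """Name of the shared-network whose subnet contains ip, else UNKNOWN."""
    addr = ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return "UNKNOWN"

def offers_by_mac(log_text):
    """Map each client MAC to the set of (interface, shared-network) it was offered on."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = OFFER.search(line)
        if m:
            seen[m["mac"].lower()].add((m["ifc"], network_of(m["ip"])))
    return seen

def cross_offered(log_text):
    """MACs offered leases via more than one interface or shared-network."""
    result = {}
    for mac, pairs in offers_by_mac(log_text).items():
        if len({i for i, _ in pairs}) > 1 or len({n for _, n in pairs}) > 1:
            result[mac] = sorted(pairs)
    return result
```

Calling `cross_offered()` on the text of the real daemon log lists the affected clients; an empty result means every client was only ever offered addresses on one side of the bridge.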
