Unable to Ping / Shared Network
Simon Hobson
dhcp1 at thehobsons.co.uk
Thu Jul 7 22:24:13 UTC 2011
Barry Stear wrote:
>What I am trying to accomplish is I want to
>separate unknown clients from known clients and
>only provide the unknown clients with Internet
>access but not allow them access to any samba
>shares on the network. I was thinking denying a
>subnet would be easier then denying a range of
>ips. I realize now that I might have made this
>more difficuly then needed. I want to be able
>to VPN into the server as well which I think
>puts me in the same boat where I need a separate
>subnet for those clients.
Ahh, no we're getting somewhere !
First thing to understand is that DHCP is NOT a
security protocol. Any device can be configured
by other means and that bypasses anything you do
via DHCP.
I'd be more inclined to just put unknown devices
in a specific IP range and apply access controls
(filters) to prevent access to the Samba shares.
Alternatively, as José Queiroz says, put them on
a physically different network - either a
separate switch, or VLANs on a managed switch.
A shared network doesn't actually gain you
anything in this situation other than headaches !
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
More information about the dhcp-users
mailing list