1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can we have more security control over DHCP Server IP Address Range

Discussion in 'Tomato Firmware' started by xtacydima, Nov 6, 2012.

  1. xtacydima

    xtacydima LI Guru Member

    I was just wondering how we specify a range of addresses we want to have but if some equipment were to manually be set to an IP outside of the range then it will still work.

    For example, I have a switch that is 192.168.1.2 (manually set on the smart switch itself). I allow a range of 192.168.1.50 - 100 respectively. I would think that part of the security behind setting a dedicated range, is that anything outside of that range, get's blocked from internet and all resources.

    Is there any way to implement this?
     
  2. gfunkdave

    gfunkdave LI Guru Member

    What you describe is a nonstandard setup.

    You could use iptables rules to implement what you want. It still wouldn't prevent someone from manually specifying an IP in the DHCP pool to get around your prohibition.
     
  3. PBandJ

    PBandJ Networkin' Nut Member

    DHCP has nothing to do with security, it just manages IP allocation for you.
    Any IP, both inside and outside (but within subnet mask range) that pool range that is correctly configure (subnet mask, default gateway, routing rules) will have access to the LAN's resources.
    As gfunkdave wrote, you need some other means to enforce a security policy.
     
    koitsu likes this.

Share This Page