Prevent client from using static IP

Discussion in 'Tomato Firmware' started by bleistift17, Oct 15, 2007.

  1. bleistift17

    bleistift17 LI Guru Member

    Hi @ all

    First of all, I have to say, that I'm really delighted with the Tomato Firmware. I used to have DD-WRT, but Tomato is much better (especially all the statistics and the faster web-interface).

    I have a Linksys WRT54GL v1.1 (with Tomato v1.10.1188 running) and everything works fine, except for one thing:
    I want to have the IPs for routers, servers and testing stuff, which needs a static IP. The IPs from should be for "normal" clients, and will be allocated for DHCP clients. However, one Client refuses to use the DHCP-server, so he sets his IP manually and that IP happens to be in the 1-149 range. :(

    Is there any way to prevent that client from using his own IP address or, asked the other way round: Is it possible to "force" that client to get his IP from the DHCP server, e.g. by setting a static ARP entry in the router's ARP cache?

    Thanks in advance :),

  2. danix71

    danix71 LI Guru Member

    You can "force" clients to use a static IP by unchecking the box for the DHCP server and instead using "static DHCP" (MAC --> static IP address).


  3. GeeTek

    GeeTek Guest

  4. bleistift17

    bleistift17 LI Guru Member

    Thanks, but the thing is that I want to use DHCP for "normal" clients, but I don't want such "normal" clients to assign themselves a static IP.

    - So with the DHCP server turned off, clients will be forced to use static IP
    - With DHCP turned on, the router offers a DHCP lease to the clients, but they can still assign themselves a static IP

    I want a solution, where clients are forced to use DHCP.
  5. bleistift17

    bleistift17 LI Guru Member

    Thanks, that would be a solution, but I would also have to block all other IPs which that client could use. Isn't there a way of checking the DHCP leases by a cronjob and blocking internet access for that machine when its MAC-IP entry in the ARP cache doesn't match the MAC-IP entry in the DHCP leases?
  6. GeeTek

    GeeTek Guest

    I don't think that is possible. Your DHCP server still works for normal clients. You will have to play a game of "Whack-a-mole" with this obstinate user until he gets the point. You might also compromise with him by adjusting your DHCP starting range up by 1 address to and see if he is satisfied with using static IP I hate DHCPee also, and can sympathise with somebody not wanting to use it.
  7. GeeTek

    GeeTek Guest

    Dunno. If you piss him off too much there are a lot of other nasty things he can do to the network besides juggling static addresses.
  8. sovteq

    sovteq Guest

    Try iptables and the firewall. Set it to block each connection but allow connections from the IP which is connected through a specific MAC address.
  9. bleistift17

    bleistift17 LI Guru Member

    I have read a few things about iptables, but I'm really a n00b when it comes to iptables. :frown:

    Could you give me an example of how to realize this?
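
Added example (not part of the thread, and not Tomato's own code): the lease check asked about in post 5 combined with the MAC-based iptables blocking suggested in post 8, as a script that compares a dnsmasq lease file with the ARP table and prints DROP rules for machines using an address they did not get by DHCP. The interface name br0, the chain name dhcp_only, the allow-list file and all sample addresses are assumptions; the functions only print the iptables commands.

```shell
#!/bin/sh
# Added example, not from the thread. Interface "br0", chain "dhcp_only" and
# all sample addresses below are assumptions / constructed values.

# find_unleased LEASES ARP LAN_IF [STATIC]
#   LEASES: dnsmasq lease file (expiry mac ip hostname client-id)
#   ARP:    table in /proc/net/arp format
#   STATIC: optional allow-list of intended static hosts, same columns as LEASES
# Prints "ip mac" for each LAN neighbour whose ip/mac pair is in neither list.
find_unleased() {
    awk -v lan="$3" '
        pass == 1   { ok[$3] = tolower($2); next }   # ip -> expected mac
        FNR == 1    { next }                         # /proc/net/arp header
        $6 != lan   { next }                         # not on the LAN interface
        $3 == "0x0" { next }                         # incomplete ARP entry
        ok[$1] != tolower($4) { print $1, tolower($4) }
    ' pass=1 "$1" ${4:+"$4"} pass=2 "$2"
}

# Reads "ip mac" lines on stdin and prints (does not run) the commands that
# rebuild a dedicated chain dropping forwarded traffic from those MACs.
emit_block_rules() {
    echo "iptables -F dhcp_only"
    while read -r ip mac; do
        echo "iptables -A dhcp_only -m mac --mac-source $mac -j DROP"
    done
}

# Constructed sample data: .120 holds a lease, .10 is an allowed server,
# .42 is a client that configured its own address, 10.0.0.1 is not on the LAN.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '1192500000 00:16:3e:aa:bb:01 192.168.1.120 laptop *' > "$d/leases"
    printf '%s\n' '0 00:16:3e:aa:bb:10 192.168.1.10 server *' > "$d/static"
    cat > "$d/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.120    0x1         0x2         00:16:3E:AA:BB:01     *        br0
192.168.1.10     0x1         0x2         00:16:3e:aa:bb:10     *        br0
192.168.1.42     0x1         0x2         00:16:3e:aa:bb:42     *        br0
10.0.0.1         0x1         0x2         00:16:3e:aa:bb:fe     *        vlan1
EOF
    find_unleased "$d/leases" "$d/arp" br0 "$d/static" | emit_block_rules
    rm -rf "$d"
}

demo
```

The dhcp_only chain has to be created and jumped to from FORWARD once before the printed commands are applied. Because the chain is flushed on every run, a client that switches to DHCP is unblocked on the next pass once its old ARP entry has expired, and DHCP itself is unaffected since only forwarded traffic is dropped.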
  10. jon124

    jon124 LI Guru Member

    walk up to him and ask him nicely?
  11. ifican

    ifican Network Guru Member

    To be quite honest I think more time is being wasted here than is really necessary. If IP space is an issue, change to a much larger mask and use an obscure area of that range for your static assignment. And I'm with GeeTek in the sense that if you really piss someone off and they can attain access to your network they can create havoc if they so choose.
  12. bleistift17

    bleistift17 LI Guru Member

    Okay, maybe you guys are right.
    But it would still be a nice "feature" to prevent e.g. mobile clients from using static IP addresses (which could interfere with servers) which they don't even know are set. Because everyone that connects to my network wants to have a working internet connection, and as soon as he/she notices that it's not working, he/she will probably configure the OS to obtain an IP by DHCP :)
  13. GeeTek

    GeeTek Guest

    Set the router LAN IP to subnet mask Make the dhcp server start at and end at and put your static servers in the range of - There is an extremely slim chance that somebody will have a pre-programmed address in the static IP range.
  14. bleistift17

    bleistift17 LI Guru Member

    Maybe that would be an idea, but then I would have to change all that IP stuff on the servers and so on. I think it's not worth the trouble.

    Actually I already "solved" this problem by talking to the person and asking him to use DHCP. He agreed, after I told him, that otherwise I would block Internet-Access for his PC. :biggrin:

    (He doesn't know what he could be able to do with my network, e.g. ARP attacks and so on.)

    So thanks again for all your help :)
  15. jon124

    jon124 LI Guru Member

    finally somebody uses common sense