[jdidierv]

Hello,

I wanted to ask you, how can I block IP adresses in my network?, this is, to activate or desactivate some ip adresess, and just the ones i give authority to use can be used and the other ones don´t, to know who is in my network, to give some persons access to the internet and some other just to the lan.

I have a Win 2000 Server as a DC.

Thanks for your help.

[Advertisements]

Hello jd,

From what I'm reading, you may need to restructure your network to achieve what you are asking to do with more control. If you could somewhat explain the physical layout of the network, we may be able to find workarounds. But you will more than likely need to seperate each group. You could try a tri-homed Linux machine to act as a router/firewall and use different network addresses for each group.

Greazy Mcgeezy

[Greazy]

Hello jd,

From what I'm reading, you may need to restructure your network to achieve what you are asking to do with more control. If you could somewhat explain the physical layout of the network, we may be able to find workarounds. But you will more than likely need to seperate each group. You could try a tri-homed Linux machine to act as a router/firewall and use different network addresses for each group.

Greazy Mcgeezy

[jdidierv]

Ok look:

I´m in charge of the IT administration in a company, and i would like to have a better control of the IP adresses from the company, in here to get to the network you only have to put an IP adress on your computer, and if someone comes here they can get acces to the internet and shared folders just by putting a free IP.

I was thinking in activating the DHCP service in my server, to forget about giving IP´s to all the computers, and asociating them with the mack adress, so no computer has another ip adress thats not asociated with it´s mack adress, but this is to much work because i´ll have it to do it manually and there are several computer to get this data from there.

I don´t know if theres some kind of service in the win 2000 server to activate only a small range of IP and not the whole range or if you know something to help me in the administration of the IP adresses, i would prefer to do it with a windows service or function, but if its not possible, any program you sugged to do this it´s good, if you know some page where i can get some information about that or something.

Well i don´t know if you have any other question or something i can help you with to help me.

Thanks a lot.

[Greazy]

The thing is, without seperating your network in any way, all of the IP addresses will have to follow the same scheme in order to connect with the rest of the network. You can still use almost the exact same scheme that you have, but you would probably have to reassign what computers have what IP. You would want to insert a dual-homed Linux machine to use as a firewall/router and then you can assign what IP addresses can go where. If you decide to go this route (cheaper than purchasing more devices than needed), then I will help you write the firewall script that would be useful to you. I understand that this is really not what you wanted to get into, but in the long run, I think this will give you more of what you need. As far as the resources on the internal network that can be accessed by anyone, anywhere, that would be resolved by using seperate user accounts for each user that logs onto your network, and only allowing those users access to the resources in question instead of limiting by IP address (which could also be done).

Hope this helps.


Greazy Mcgeezy

Edited by Greazy, 31 May 2005 - 05:27 PM.