Gargoyle Forum

Hi
I have assigned static IP addresses to my computers via the router using the MAC address. So the router assigns a IP address for my PC.

The reason I want this is because I assign quotas to the individual PC`s.

But I found out you can bypass the quota system by assigning your own IP to your PC, Is this a bug or am I doing something wrong?

Thanks
Gareth

You're not doing anything wrong, if the PC doesn't make a DHCP request (which it doesn't need to, since it has preconfigured IP) it won't get assigned the (other) IP that the router has for it in its static DHCP server list

The solution to this is create a small quota for "All Others Combined". This will catch usage of anyone cheating the system.

There is also a DHCP setting "Block MAC addresses assigned a static IP that connect from a different IP" but I don't know how secure this would be in your situation. It's still possible to spoof a different MAC address, just not quite as easy as changing IPs.

It's also possible they could take a valid IP belonging to another PC but you should notice this soon enough.

Hi

I have tried the setting "Block MAC addresses assigned a static IP that connect from a different IP" but you still can bypass it.

I will assign a small quota for all others, that should probably fix the problem of people assigning static addresses.

Thanks for the help

Crowbar wrote:I have tried the setting "Block MAC addresses assigned a static IP that connect from a different IP" but you still can bypass it.

I've never actually tested this myself, but if what you say is true it must be a bug. I assume you set a fixed IP in DHCP for the MAC address, then a different fixed IP on the PC... and it still connects even though this option is enabled?

Edit: Just tested this and you are right, the "Block" option seems to do nothing. The download goes against the "All Others" quota but the connection is not blocked as expected.

I've had reports of this issue before, but every time I try to replicate the error, I can't. I just tested again on 1.1.2 and (at least for me) it seems to work. I tested both wireless and wired hosts, and both are blocked if they try to connect with a static ip other than the one assigned.

It occurs to me that maybe this bug is related to PPPoE. That would explain why I'm not seeing it and others are (since I don't have a PPPoE connection). In the past, that's been an explanation for some bugs that I've had a really hard time replicating. With this assumption, I'll look into what might be going on.

I have found a work around its not ideal but it works, I start assigning IP`s from 100, for example I have IP from 100 - 103 so what I did was go to firewall, restrictions and blocked access to the network from IP 2 - 99 and 104 - 254. It works like a charm.

its not pppoe related. I have that problem and i don't use pppoe. I had to use the firewall to block connections from unapproved IPs.

I still have trouble with people (or viruses) using the internet from someone elses IP, using up their quota. There is no way to stop this. There is no way to know who is doing it.

Hmm... that's really frustrating since I can't replicate the problem.

Monoufo: are you sure that the MAC addresses haven't been cloned (there's no good way to deal with that), and that the MAC being used has a different, static IP assigned?

Note that this option (should) guarantee that a given MAC gets assigned a specific IP, not that someone with a different MAC can't set a static IP that is the same. Though I should probably implement an option to do the latter as well, now that I think about it....