Topic: Disable use of static ip addresses

Labomba

« on: April 21, 2011, 11:19:03 am »
Hello,

I use a Zentyal server with a Wan and Lan interface.
On the Lan card I use a static IP in combination with a DHCP server.
All the authorised members in LAN get their IP via DHCP.
I want to disable access for users that add their unauthorised PCs with a static IP.

Is this possible in Zentyal, if yes how (disabling the access to the gateway/Zentyal server should do the trick)?

Best regards,

Escorpiom

Re: Disable use of static ip addresses
« Reply #1 on: April 21, 2011, 02:00:03 pm »
Yes it is.
And even better, you can make network objects with the IPs of your clients together with the MAC address.
You should delete from the firewall "Filtering rules from internal networks to Zentyal" and "Filtering rules for internal networks" the rules "any-any".
Or else set the any-any rule as the last rule and set the policy to "deny".

Proceed with adding your users to the list by adding new rules. Choose the network objects you created previously.

The advantage of this setup is that nobody can spoof his MAC address to gain access, because he/she has to know the correct IP. Only clients with IP xxx AND corresponding MAC xxx will be allowed access.
Even then, two identical MACs or IPs will cause trouble on the network so it should be hard enough for regular users to cheat.

If you are using transparent proxy, keep in mind that you have to set that up also.
If you are using non-transparent proxy you can enable authentication (password prompt) for http traffic.

Cheers.
« Last Edit: April 21, 2011, 02:02:02 pm by Escorpiom »
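
An added example, not part of the original thread or of Zentyal: a small audit script that applies the same "IP AND corresponding MAC" rule to the gateway's neighbour table, to spot hosts on the LAN that the firewall rules above would deny. The allowlist, the interface name `eth1` and all addresses are constructed assumptions; the sample text follows the output format of `ip neigh show` on Linux.

```python
import re

# Constructed allowlist standing in for the "network objects": each
# authorised client is one (IP, MAC) pair. Addresses are made-up examples.
ALLOWED = {
    "192.168.1.10": "00:11:22:33:44:55",
    "192.168.1.11": "00:11:22:33:44:66",
}

# Constructed sample in the format printed by `ip neigh show`.
SAMPLE_NEIGH = """\
192.168.1.10 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.11 dev eth1 lladdr 00:aa:bb:cc:dd:ee STALE
192.168.1.50 dev eth1 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.77 dev eth1 lladdr 02:00:00:00:00:01 DELAY
192.168.1.90 dev eth1  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+(?P<state>\S+)"
)

def parse_neigh(text, lan_dev="eth1"):
    """Yield (ip, mac) for resolved neighbours seen on the LAN interface."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and m["dev"] == lan_dev:  # unresolved (FAILED) entries have no lladdr
            yield m["ip"], m["mac"].lower()

def classify(ip, mac, allowed=ALLOWED):
    """Allow only when IP and MAC both match one allowlist entry; else deny."""
    known_macs = {v.lower() for v in allowed.values()}
    if allowed.get(ip, "").lower() == mac:
        return "allow"
    if ip in allowed:
        return "deny: known IP, wrong MAC"
    if mac in known_macs:
        return "deny: known MAC on unassigned IP"
    return "deny: unknown host"

def audit(text, allowed=ALLOWED):
    """Map each neighbour IP on the LAN to its verdict."""
    return {ip: classify(ip, mac, allowed) for ip, mac in parse_neigh(text)}

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE_NEIGH).items():
        print(f"{ip:15} {verdict}")
```
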