Solved Reserved list in router doesn't seem to work

Thread starter: Yanta (Guest)
Some time ago I was discussing ways and means of stopping my kids changing their IP addresses to get around ACLs I'd created on my DLINK router.

Two solutions were offered: OpenDNS, which I'm still using, and setting up a DHCP reservation using MAC addresses.

Recently I had to replace one of the machines. Let's say the original machine's MAC address was 0A:0A:0A:0A:0A:0A (just for convenience), and its IP address was 192.168.1.4.

When I replaced the machine, the MAC address was completely different.

I completely forgot to update the DHCP reservation. Yet, the PC can access the internet.

If I change the address on the machine, of course, it still connects to the internet, I guess because the MAC address is not in the DHCP reservation list. So I updated the entry in the router.

The computer still accesses the internet with 192.168.1.4 (as I would expect), but if I change the address to 192.168.1.99 (for example), it still works.

So... without the MAC address in the router (but with a reservation using the IP address), there appear to be no restrictions. I hoped the router would match the MAC address to the requesting IP address and go "Nope, these don't match. Sorry, I'm not letting you connect".

Obviously I've done something wrong when I set it up.

Can anyone suggest why this might not be working?

Thanks
Tanya
 
There are 2 things in here: First, if you created your ACLs based on MAC address, there is still a way to bypass it: by changing the local MAC address -- many NICs do allow that.

Second, if you created ACLs based on the IP address, you should also update the DHCP to offer the old IP address to the new MAC address.

What I could suggest, then, is to create a rule at the very bottom to deny any unknown MAC address, and then update the rules to allow your kids to browse -- either via their computer's MAC address or via IP with the updated DHCP reservation. Pretty much you had done all of this, but missed the "deny all" at the bottom.
 

Thanks HQuest.

The ACLs are IP address based.

I think your "second" is the step I missed for that PC when I replaced it, otherwise all other machines have IP and MAC and machine name in the DHCP reservation list.

However, even after correcting it (that is, the MAC address and machine name matched, but the IP address didn't) the PC still could access the internet.

I have a network printer, PS3, XBox and Wii consoles that are not in the DHCP list, basically because the router only allows 15 addresses, and I had used them all up.

So, if I add the deny all, will that kill the console access?
 
The answer to my question was "Yes". It killed console access. It also killed Internet access for all computers in the house.
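
The rule ordering discussed in this thread, as an added example that is not part of any post and is not the router's actual firmware logic: a toy first-match filter showing why an IP-only rule stops matching once the address changes, why a lone deny-all blocks every device, and how allow rules that pair IP and MAC above it behave. The `Rule` class, `evaluate` function, console MAC and the .50 address are constructed for illustration, and it assumes a router that can match IP and MAC in one rule.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    ip: Optional[str] = None    # None = any source IP
    mac: Optional[str] = None   # None = any source MAC

def evaluate(rules, src_ip, src_mac, default="allow"):
    """First matching rule wins; `default` models the implicit policy."""
    for rule in rules:
        ip_ok = rule.ip is None or rule.ip == src_ip
        mac_ok = rule.mac is None or rule.mac.lower() == src_mac.lower()
        if ip_ok and mac_ok:
            return rule.action
    return default

# Constructed sample hosts (the 0A:... MAC is the thread's own placeholder).
PC_MAC, CONSOLE_MAC = "0A:0A:0A:0A:0A:0A", "02:00:00:00:00:10"
PC_IP, CONSOLE_IP = "192.168.1.4", "192.168.1.50"

# 1. IP-only restriction. A DHCP reservation only decides which address is
#    offered; the filter never consults it, so a static address is not checked.
ip_only = [Rule("deny", ip=PC_IP)]
# 2. Deny-all appended with no allow rules above it.
deny_all_only = ip_only + [Rule("deny")]
# 3. Allow only known IP+MAC pairs, then deny everything else. As the reply
#    notes, a MAC can be changed, so this binds a pair; it does not authenticate.
paired = [Rule("allow", ip=PC_IP, mac=PC_MAC),
          Rule("allow", ip=CONSOLE_IP, mac=CONSOLE_MAC),
          Rule("deny")]

def scenarios():
    return {
        "ip_only: PC on reserved .4": evaluate(ip_only, PC_IP, PC_MAC),
        "ip_only: PC on static .99": evaluate(ip_only, "192.168.1.99", PC_MAC),
        "deny_all_only: console": evaluate(deny_all_only, CONSOLE_IP, CONSOLE_MAC),
        "paired: PC on .4": evaluate(paired, PC_IP, PC_MAC),
        "paired: PC on static .99": evaluate(paired, "192.168.1.99", PC_MAC),
        "paired: console": evaluate(paired, CONSOLE_IP, CONSOLE_MAC),
        "paired: other MAC using .4": evaluate(paired, PC_IP, "02:00:00:00:00:99"),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:30} -> {verdict}")
```

Devices without a reservation, such as the consoles and printer mentioned above, need a fixed address and their own allow rule before a trailing deny-all is added.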
 