help needed to control access to proxy server on the basis of MAC

[tcpipprogram]

Hello Friends,
Currently the problem we are facing is of unauthorize access to our proxy server.Though we are able to restrict users on the basis of IP address through proxy server settings But everything is not fine as if one user is on leave for a day his ip address is used by other persons so we are not able to fix the responsibility for the contents being accessed by a particular ip address.So we have thought of designing a program according to which we can restirct control to our proxy server on the basis of network card address(MAC ADDRESS).As i am new to this field i need ur help in this.The platform we are using is WIN NT 4.0(SP4),and Netscape proxy server 3.5 and language we will use is C.If you need any of other details i will made them available to u.You can help me by suggesting any resources which can help me in creating this program like books i should read for this,any websites or newsgroups which can help me in creating this program.All kind of help is welcome and i want to thank you in advance for that.Bye for now.

 

[bcastner]

Why not disable DHCP and assign static addresses.

 

[pansophic]

Or set up your DHCP server to provide static IP addresses to specific MAC addresses (sorry, I can do this in Linux, but not M$). You would only need to do so for the few machines that get special privileges.

If your internal network is routed, then you will have difficulty using the MAC address as a discriminator. Do you have a flat network currently?


pansophic

 

[bcastner]

pansophic,

Some routers provide this functionality, reserving the IPs by MAC. It is a nice feature.

Some routers also allow MAC filtering. I think the SMC is the cheapest I have seen that does it for wired clients.

 

[Breakerfall]

Linksys routers provide MAC filtering too.
Beautiful.

 

[bcastner]

Breakerfall,

He needs to restrict the proxy server, not the router.

So the same MAC can get different IPs through DHCP is the problem. He needs a direct pairing of MAC --> IP.

I have not used the MAC filtering for a while on the BEFSRxx series, as it really worked terribly in the past. But due to your suggestion I will play with it again. Not quite MAC reserved IPs, but a very valuable feature if it works in the newer firmware releases.

Thank you for reminding me of a long ago ignored feature of the routers.

Best.

 

[Breakerfall]

I don’t see why pansophic’s approach wouldn’t work.

Tcpipprogram: you said that at the moment you ARE able to control access to the proxy server on the basis of IP address, right?

So what happens if:

•You set up IP reservations on the DHCP server for those specific clients that should be restricted from accessing the proxy server.

•You set up the proxy server to restrict access to those reserved IP’s (just like you are doing right now). Remember, since you are using reservations, the same NIC card will get the same IP every single time.

I’d like to know how many clients actually need to access the proxy server
And how many SHOULDN’T.

If only one or two clients need to be restricted, then creating reservations I think is a practical solution. But if the number of clients that need to be restricted are too many, then creating restrictions becomes a PITA.

Kup, thanks

 

[bcastner]

Breakerfall,

Because the Linksys IP filter approach would block ALL traffic for that IP.

What he wants to restrict is proxy traffic, only.

 

[Breakerfall]

I'm not talking about using the DHCP capability of the Linksys router, but using a DHCP server itself.

 

[bcastner]

Breakerfall,

The router at the cable headend, the one assigning what to the client is their external IP, that is where the cable-user to cable-user traffic is being blocked.

This is deliberate.

And it is not customer configurable.

What exactly are you suggesting this guy do?

 

[Bobg1]

I have never worked with Netscape proxy.
Can you set it up so the users have to authenticate to it?
If not, might be time to try a different proxy.