From: David Borton (david@santafe.edu)
Date: Wed Apr 07 2004 - 18:14:14 CDT
Hi Mike-
Yes, your second idea seems to be plausible. We could "simply" subnet
our LAN, in which case we WOULD need a router and NetReg would be in
its element.
The first idea is not applicable because we don't care if people go to
the greater internet. We just don't want them to have free rein within
our firewall.
It might be acceptable for us admins to manually register new systems,
and have the DHCP server just hand out bad IP addrs or no addr at all
for unregistered systems. So the fact that the Netreg server is
unavailable is not so very bad.
I hope this thread will continue...
-David Borton
On Apr 7, 2004, at 3:22 PM, King, Michael wrote:
> Hi David
>
>
> First of all, you can hand out fully routable IPs via Netreg for
> unregistered addresses, and you can just block them on the firewall.
> This is the original config, and if you look at the primary
> distribution, I believe the config files reflect this.
>
> Second.. A DHCP server has to hand out an IP address, otherwise, you
> can't contact the Netreg server to register.
>
> Now...
> Multiple subnets can exist on the same wire. We have both our
> registered and unregistered addresses on the same wire. The key word
> is a "secondary" interface in Cisco speak.
>
> Did I give you enough info to hang yourself yet? Or are you still with
> me?
>
> Mike
>
>> -----Original Message-----
>> From: owner-netreg@southwestern.edu
>> [mailto:owner-netreg@southwestern.edu] On Behalf Of David Borton
>> Sent: Wednesday, April 07, 2004 4:44 PM
>> To: netreg@southwestern.edu
>> Subject: NetReg: Netreg on a LAN
>>
>>
>> Hi folks,
>>
>> I'm new to NetReg and haven't implemented it yet. I hope someone can
>> answer my basic capability question.
>>
>> Reading the very nice doc by Patrick M. Jacques, I see that NetReg
>> works by giving a non-routable IP address to the unregistered user or
>> assigning them a bogus DNS server.
>>
>> I am not sure if that will work here at my Institute, where we are all
>> on a single LAN, visitors and permanent hosts alike. The only router
>> is a firewall between us and the internet. Our main desire is to make
>> sure that visitors who bring in viruses can be identified, and prevent
>> visitors (there are a lot of them, and they bring in their own
>> Windows/Mac/Linux laptops) from using our LAN and resources until
>> virus-checking can be applied.
>>
>> It would seem to do little good to prevent them from being routed since
>> we have no internal routers.
>>
>> Maybe NetReg could be adapted so that the DHCP server returns no IP
>> address at all for unregistered folks?
>>
>> Thank you all,
>> David Borton
>> Computer Systems Manager
>> Santa Fe Institute
>> 505-946-2716
>>
>> **********************************************************************
>> To unsubscribe from this list, send an e-mail message to
>> majordomo@southwestern.edu containing a single line with the
>> words: unsubscribe netreg Send requests for assistance to:
>> owner-netreg@southwestern.edu
>> **********************************************************************
>>
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:45 CDT
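
The two-subnets-on-one-wire layout discussed in this thread, sketched as an added configuration example that is not taken from the thread or from the NetReg distribution. It assumes an ISC dhcpd server; every address, MAC address, host name and interface name below is constructed for illustration.

```conf
# dhcpd.conf (ISC dhcpd assumed; all values are constructed placeholders)
# Both subnets live on the same physical segment, so they are grouped
# in one shared-network declaration.
shared-network single-lan {

  # Registered hosts: normal addressing, real gateway and DNS.
  subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.1;
    option domain-name-servers 192.168.10.2;
    pool {
      range 192.168.10.50 192.168.10.200;
      deny unknown-clients;        # only MACs with a host entry lease here
    }
  }

  # Unregistered hosts: separate range, short leases so a newly
  # registered machine moves to the other pool quickly.
  subnet 10.99.0.0 netmask 255.255.255.0 {
    option routers 10.99.0.1;
    option domain-name-servers 10.99.0.2;   # registration server's resolver
    default-lease-time 120;
    max-lease-time 120;
    pool {
      range 10.99.0.50 10.99.0.200;
      allow unknown-clients;
      deny known-clients;
    }
  }
}

# A registered machine is "known" once it has a host entry.
host registered-laptop-example {
  hardware ethernet 00:00:5e:00:53:01;
}

# Router side, in Cisco IOS syntax (shown as comments; interface name assumed):
#   interface FastEthernet0/0
#    ip address 192.168.10.1 255.255.255.0
#    ip address 10.99.0.1 255.255.255.0 secondary
```

Both subnets share one broadcast domain, so this arrangement only steers hosts that accept their DHCP lease; traffic between the unregistered range and internal resources still has to be filtered at the router or firewall.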