Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web-Based DHCP Server Frontends?

Posted by Cliff on from the making-maintenance-easy dept.

Strog writes "We are securing our administrative network and one thing we decided to implement is allowing only known MAC addresses get an address from the DHCP server. The techs aren't very Unix-centric so we would prefer to keep them out of the server directly. A web-based admin tool is what we are looking for. I've used webmin for a while but it likes to give each host a nice little icon which wouldn't be so good once we get all ~750 machines entered. Dixie looks good too but leaves a few too many options for techs to look at. I'm in the process of hacking webmin into what I need but wondered if anyone out there has some good options to offer. What we really need is boxes for hostname, MAC address and apply button and a list of current entries and a delete button." This was recently asked on a mailing list, but so far, no answers have been given. Might someone here have experience with such software that they would like to share?

2 of 36 comments (clear)

  1. Perl by droyad · · Score: 3, Insightful

    Sounds like a job for a good Perl script using CGI

  2. Two major problems by TheSHAD0W · · Score: 3, Insightful

    I see two major problems with your authentication scheme.

    First off, you have a catch-22 in the assignment system. You don't want to give a DHCP address to a system without its being authenticated, but your system won't be able to hit the net and get to the administrative machine to BE authenticated. Aside from manually typing in the MAC address on the main server, which I think someone would find annoying. I suppose you could DHCP unrecognized machines to an intranet address that's null-routed except for that admin machine, which would ask for a password, sniff the MAC address, and then add it to the DHCP system.

    But there's an even larger flaw with your scheme, which is that there's nothing keeping users from turning off DHCP and choosing an unassigned IP, letting anyone with a little know-how hijack your connection without going through your authentication and possibly cause conflicts on your network. DHCP is MEANT to be easy; add complications and you've ruined the whole point of having it.

    If you want to have a secure network, you're going to have to use a whole different system, such as using a protocol like PPPoE (unencrypted) or PPTP (encrypted) to log in to a central station and then have that machine handle routing, etc. From an ease-of-use standpoint, this would be a lot simpler, both for end users and your inexpert managers; they add a name and password to the list, and each user needs his name and password to log in. If someone changes hardware, no problem.