Untangle Tip of the Day! (Web Content Control, client pass list)
gotkimchi
04-23-2007, 06:32 PM
If you have some users that need full access to the web and should not be subjected to the block categories/lists, this tip will be an easy solution. As you know, the web content control module offers both pass and block URLs. On the Pass List tab, you have the option to click "Clients". You can add the client's IP address and this client will be able to go anywhere on the web, while everyone else will be subjected to the block and pass categories/lists.
Screenshot:
http://wiki.untangle.com/images/0/0b/Clientpasslist.JPG
Brainz
04-24-2007, 07:28 AM
How does this help if you use DHCP for all computers?
richie
04-24-2007, 08:07 AM
Configure DHCP server to bind a MAC address to get the same IP address on the address pool.
Brainz
04-24-2007, 01:23 PM
The binding to the MAC address does not work as we image all PCs and whenever a PC is faulty, we swap it out with a newly imaged PC and thus we create a cycle of computers. This cycling of PCs will change the MAC address and since we have 36 different sites with different IP schemes from 192.168.0.x to 192.168.38.x. What about the Active Directory Users? Any way to do it with that as well to allow the user login name "TSMITH" to always be allowed without filtering?
Thanks,
Joey
gotkimchi
04-24-2007, 05:20 PM
Brainz, very good point. We are working on the 4.2 to support AD integration for the reporting. After that, we are working on the policy management with AD. Please stay tuned, we are very close to making this possible with the upcoming releases of the Untangle.
MaximumOD
05-21-2008, 12:15 PM
Wouldn't it be easier to also add hostname resolution if you have Untangle pointing to your internal DNS server?
The best solution would be getting the AD module (à la carte) from Untangle.
bratsadtar
05-26-2008, 02:00 AM
How does this help if you use DHCP for all computers?
If you are doing professional networking (i.e. file sharing, printers etc.) you shouldn't be running DHCP in the first place. So many advantages to using manually assigned IP addresses as opposed to using DHCP. DHCP is really only good for one thing. BROADBAND SHARING IN A DIY HOME INSTALLATION.
And, it doesn't always work doing that.
For printers, routers, switches and other pieces of network infrastructure, you're very right. For users, using static addressing (particularly in a Windows shop) makes user administration a full time job, and you still have to get the network part of the job done too. That doesn't even consider the Help Desk who has to deal with the people who take their laptops home or on the road.
Zcubed
06-03-2008, 04:42 PM
If you are doing professional networking (i.e. file sharing, printers etc.) you shouldn't be running DHCP in the first place. So many advantages to using manually assigned IP addresses as opposed to using DHCP. DHCP is really only good for one thing. BROADBAND SHARING IN A DIY HOME INSTALLATION.
And, it doesn't always work doing that.
You must only have a few computers to administer and no laptops. Try your solution on a network with 1,000s of computers and many laptops going between sites. What a nightmare!
Your thinking is very shortsighted and I think the opposite of what you are suggesting would be true. Static for home installation and DHCP for larger installs.
sky-knight
06-03-2008, 05:13 PM
You must only have a few computers to administer and no laptops. Try your solution on a network with 1,000s of computers and many laptops going between sites. What a nightmare!
Your thinking is very shortsighted and I think the opposite of what you are suggesting would be true. Static for home installation and DHCP for larger installs.
Ditto, anyone with real experience with a network knows DHCP is a life saver. Also, DHCP reservations are useful for servers as well, it provides a single place to self-document your entire commercial IP space. It does however introduce a point of failure at your DHCP server so you have to design around that.
Brainz.. to work around your issue. Open device manager, hit the network card's properties, go to advanced, select network address, fill in the box with a MAC address of your choice, click OK.
Who says you have to lose your MAC if you swap NICs? All you have to do is make sure the MAC is unique to your network and you're golden. Generate your own, make the configuration per user, and move on with your day.
imcintyre
07-30-2008, 08:31 AM
Who says you have to lose your MAC if you swap NICs? All you have to do is make sure the MAC is unique to your network and you're golden. Generate your own, make the configuration per user, and move on with your day.
SkyNight;
I was looking for a way to filter traffic by MAC address and this thread caught my eye. I am a bit of a noob but I wanted to know what are the implications if I send a laptop out into the wireless world and it stumbles upon a device with the same MAC address?
I know that there are IP addresses reserved for private use, e.g. 192.168.1.xxx.
Is there a range of MAC addresses for the same purpose?
Thx in advance
sky-knight
07-30-2008, 09:12 AM
Yes, however, MAC addresses don't go past the first router. If you do get into a situation where you have two interfaces on the same network with the same MAC address, strange things start to happen. You'll end up with chronic IP conflicts because the DHCP server will hand you the other machine's IP address... ARP won't resolve so you won't get proper switching... heck, cheap switches can lock up outright. That is why I said generate your own; if you reuse an address from another piece of equipment you might run into duplication problems.
As for a reserved range of MAC addresses? Not that I'm aware of, the MAC is carved up by manufacturer. The first 3 sets of numbers match the company that built the card. This is all controlled by the IEEE.
http://standards.ieee.org/regauth/oui/oui.txt
sky-knight
07-30-2008, 09:15 AM
Don't you know there are several ranges in that list that are locked to "PRIVATE" I'm not sure if that means the same thing... but one of the prefixes being 10:00:00 sure does LOOK the same as the 10.x.x.x private range. So I guess this technically means you can use 10:00:00:xx:xx:xx:xx:xx and fill the x's in with literally anything and be ok?
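Added example, not part of the thread and not Untangle code: IEEE 802 marks a MAC address as locally administered when bit 0x02 of its first octet is set, so the script below generates self-assigned unicast addresses that avoid an existing inventory and audits a DHCP reservation list for duplicate or self-assigned MACs behind an IP-based pass list. The reservation format, function names and sample addresses are assumptions constructed for illustration.

```python
import secrets
from collections import defaultdict

def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' or 'AA-BB-CC-DD-EE-FF' into 6 bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return bytes(int(p, 16) for p in parts)

def fmt_mac(mac):
    return ":".join(f"{b:02x}" for b in mac)

def is_locally_administered(mac):
    # Bit 0x02 of the first octet: set = assigned locally, clear = vendor OUI.
    return bool(mac[0] & 0x02)

def is_multicast(mac):
    # Bit 0x01 of the first octet: set = group address, not usable on a NIC.
    return bool(mac[0] & 0x01)

def new_local_mac(in_use):
    """Random unicast, locally administered MAC not present in in_use."""
    while True:
        raw = bytearray(secrets.token_bytes(6))
        raw[0] = (raw[0] | 0x02) & 0xFE  # set local bit, clear multicast bit
        if bytes(raw) not in in_use:
            return bytes(raw)

def audit(reservations):
    """Return (MACs bound to more than one IP, self-assigned MACs)."""
    by_mac = defaultdict(set)
    for mac_text, ip in reservations:
        by_mac[parse_mac(mac_text)].add(ip)
    dups = {fmt_mac(m): sorted(i) for m, i in by_mac.items() if len(i) > 1}
    local = sorted(fmt_mac(m) for m in by_mac if is_locally_administered(m))
    return dups, local

# Constructed sample reservations (MAC, IP); 00-00-5E-00-53-xx is the
# RFC 7042 documentation range, 02:... is a locally administered address.
SAMPLE = [
    ("00-00-5E-00-53-10", "192.168.0.10"),
    ("02:00:00:00:00:01", "192.168.0.11"),
    ("00:00:5e:00:53:10", "192.168.0.12"),  # same MAC as the first entry
]

if __name__ == "__main__":
    dups, local = audit(SAMPLE)
    print("duplicates:", dups)
    print("locally administered:", local)
    used = {parse_mac(m) for m, _ in SAMPLE}
    print("new address:", fmt_mac(new_local_mac(used)))
```

A locally administered MAC holding a pass-list reservation is worth a second look, since any client can set its own address to match.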