lease for only 2 hours

[Simon Hobson]

Bazy wrote:

>I need dhcp to lease an IP address for 2 hours, and when the lease
>expires the user will get no IP address or a new address from another
>pool witch isn't NAT-ed out to the internet.
>
>I need this for a public place, where people don't need their IP for
>more then 2 hours, and the neighbours don't need free internet :)
>
>And at the end of the day it will flush the mac address table, and if
>the person comes back, it will lease him again his 2 hours IP address.

A trawl of the archives would tell you that the ISC Server CANNOT do 
this - it is simply too alien to the requirements it is designed to 
support.

>Of course one can set up the IP address manually, for this I'll make
>daily differences between the leases file and the arp table, a simple
>bash script I guess.

I think you may be better off looking at one of the 'walled garden' 
firewall setups (aka hotspot function), ie :
- where you connect, get an address, but can't route external traffic 
(all http traffic gets redirected to your 'internal' server) until 
they have registered/paid/whatever to get outside access.
- a rule is added to the firewall to allow outside access and the 
user gets 'internet' access according to whatever profile you've set 
up.
- when the allowed session expires, the rules are changed back, and 
the user can no longer access the internet.

Your proposed scheme with DHCP falls down on two counts :

1) The user can simply change the MAC address and carry on for 
another two hours.
2) Your neighbours simply assign their address statically and bypass your DHCP.

Just checking the ARP table won't neccessarily catch someone doing 
(2) since ARP entries are typically only cached for a few minutes.