[neo_philac]

OK Guys I need help. I have a very small network (lets say x.y.z.0 - x.y.z.255). Now I do not have any control over the router. But I am in control of the switch that splits the network from one single physical line (wire). I have a bridge fire wall between the line and the switch that filters out the intrusion. The way I distribute the IP addresses is through a dhcp server (its a dynamically static IP), meaning some of the machines I put as static and the other machines that I trust and control (limited access) are set through the dhcp with MAC address.

host LMNOP {
	   hardware ethernet xx:xx:xx:xx:xx:xx;
	   fixed-address x.y.z.20;
}

Not as you guys know we can set a subnet in the dncp.conf

# ip addresses available for everybody
subnet x.y.z.0 netmask 255.255.255.0 {
	   range x.y.z.200 x.y.z.220;
}

for IP addresses I have available and that I can give out to people who visit and hook up their computer to browse and do stuff, which we need. But recently someone has been trying to download some illegal stuff (p2p) via that open IP range. Now the way I limit my security outbreak is to trust my users and limit their activity. But how can I control the activity on that IP range? BTW - I do not have any VPN setup so no authentication process, I dont know how feasible it would be to setup one for such a small network! I do all my stuff via ssh.

My thoughts:

1. I can stop service for that range, meaning no range to get IP from but if by any chance the person knows the domain s/he can statically set one ?!?

Please help. This is not how I would set things up if I had full control oner the network but unfortunately this how it is. But I also need to secure this network too. So, I am asking for help

Thanks in advance.