Chris Dillon <[EMAIL PROTECTED]> wrote:
> On Mon, 14 Feb 2005, Artem Kuchin wrote:
>
>> I have a table with ethernet (MAC) addresses matching IPs. It is
>> used to build dhcp config file. But regardless of that any user can
>> assign his neighbour ips while that pc is turned off and use it to
>> access internet. The local ips are 192.168. and are behind natd. I
>> am running 5.3-STABLE and have heard that ipfw2 can in someway use
>> MAC addresses, but how do I setup ipfw in such a way that it allows
>> certain IP only from one and only one MAC address? I hope you are
>> getting my idea.
>
> What you probably want is static ARP entries.
>
> arp -s 192.168.1.1 00:11:22:33:44:55
>
> But that still won't stop someone from changing their IP address and
> MAC address to match, it just makes it harder.  To prevent that kind
> of thing you need to use 802.1x authentication or maybe even PPPoE.

Um.. I have just read a tutorial about PPPoE and did not find anything about matching IP and MAC addresses. So, if I use PPPoE I still need to do static ARP (I did not understand how somebody can match MAC and IP with static ARP except that he actually gets the physical NIC from somebody's computer). Also, as I see, users on PPPoE can log in from any computer and get their IP address. It will not work because of static ARP, but still, they are getting their address. And the last thing, if I am to migrate to PPPoE this basically means I will need to give up DHCP, because PPP will serve IPs, not DHCP. Right?

And now the theory question. While I am running a PPPoE server on some
ethernet interface, what disallows any user to use that interface as an IP
gateway without any PPPoE? Just assign themselves an IP, ignoring
PPPoE and using the server as a gateway. I am probably missing some point
here.

--
Regards,
Artem Kuchin








_______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
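
An added example, not part of the thread: a sh function that turns a MAC/IP table like the one described in the question into `arp -s` entries and ipfw2 layer-2 rules that accept each IP only from its listed source MAC. The interface name `fxp0`, the rule numbers, the `192.168.0.0/16` range and the sample table are assumptions; the script only prints commands.

```sh
#!/bin/sh
# Added example: only PRINTS commands; review before running them as root.
# Assumed (not from the thread): interface fxp0, rule numbers 1000+/60000,
# LAN range 192.168.0.0/16. The sample table below is constructed.
LAN_IF="fxp0"
LAN_NET="192.168.0.0/16"

# gen_rules: read "MAC IP" lines on stdin, write commands on stdout.
# Malformed lines and repeated MACs or IPs go to stderr and are skipped,
# so one IP can never end up bound to two MAC addresses.
gen_rules() {
    # ipfw only sees layer-2 frames when this sysctl is enabled.
    echo "sysctl net.link.ether.ipfw=1"
    awk -v ifc="$LAN_IF" -v net="$LAN_NET" '
        BEGIN { h = "[0-9a-f][0-9a-f]"
                macre = "^" h ":" h ":" h ":" h ":" h ":" h "$" }
        /^[ \t]*#/ || NF == 0 { next }
        {
            mac = tolower($1); ip = $2
            if (NF != 2 || mac !~ macre ||
                ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                print "skip (malformed): " $0 > "/dev/stderr"; next
            }
            if ((mac in seen_mac) || (ip in seen_ip)) {
                print "skip (duplicate): " $0 > "/dev/stderr"; next
            }
            seen_mac[mac] = 1; seen_ip[ip] = 1
            printf "arp -s %s %s\n", ip, mac
            # ipfw syntax is "MAC dst-mac src-mac": any destination, one source.
            printf "ipfw add %d allow ip from %s to any MAC any %s layer2 in via %s\n", 1000 + n * 10, ip, mac, ifc
            n++
        }
        END {
            # Any other frame claiming a LAN source address is dropped.
            printf "ipfw add 60000 deny ip from %s to any layer2 in via %s\n", net, ifc
        }'
}

sample_table() {
cat <<'EOF'
# MAC               IP   (constructed sample data)
00:11:22:33:44:55   192.168.1.10
00:11:22:33:44:66   192.168.1.11
00:11:22:33:44:77   192.168.1.10
not-a-mac           192.168.1.12
EOF
}

sample_table | gen_rules
```

As the reply in the thread points out, this binding does not stop a host that changes both its IP and its MAC address to match a listed pair.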
