Date: Tue, 22 Oct 2002 20:55:44 +0200
From: Ruben de Groot <fbsd-q@bzerk.org>
To: Scott Pilz <tech@tznet.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW/NATD
Message-ID: <20021022185544.GA24937@ei.bzerk.org>
In-Reply-To: <20021022105018.S62012-100000@mail.tznet.com>
References: <20021022105018.S62012-100000@mail.tznet.com>

On Tue, Oct 22, 2002 at 10:55:26AM -0500, Scott Pilz typed:
>
> The answer to this is more than likely 'no'.
>
> But I'll try anyways.
>
> Setup: NATD/IPFW
>
> Say you have an IPFW rule to allow 10.0.0.2 through NATD - thus into the
> internet - and everything else to be blocked.
>
> Your machine (10.0.0.2) that is being firewalled by NATD/IPFW works fine.
> Then someone else sets their machine up to 10.0.0.2, and now they can also
> get out into the network (there will of course be an ip conflict).

You can use arp(8) to make a permanent entry in the arp table on your
NAT/Firewall box to prevent anyone else from using this IP address:

arp -S 10.0.0.2 Your_machines_MAC

>
> My question is, for security, is there any way to use this type of block
> based on MAC ID. Almost to bond the MAC ID to the IP Address so the only
> computer that can use the IP address 10.0.0.2 is with MAC ID <whatever>?
>
>
> Thanks,
>
> Scott
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
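
An added example, not part of the original message: a small audit that checks whether the IP-to-MAC bindings pinned with arp(8) are still present, permanent and unchanged on the firewall box. The `arp -an` line layout, the interface name `fxp1` and all addresses below are constructed assumptions; on the real box pass `"$(arp -an)"` instead of the sample.

```shell
#!/bin/sh
# Expected bindings, one "IP MAC" pair per line (constructed sample values).
BINDINGS='10.0.0.2 00:a0:c9:11:22:33
10.0.0.3 00:a0:c9:44:55:66'

# Constructed sample in the assumed layout of FreeBSD `arp -an` output.
SAMPLE_ARP='? (10.0.0.1) at 00:a0:c9:00:00:01 on fxp1 permanent [ethernet]
? (10.0.0.2) at 0:a0:c9:11:22:33 on fxp1 permanent [ethernet]
? (10.0.0.3) at 00:0d:0e:ad:be:ef on fxp1 [ethernet]'

# audit_arp BINDINGS ARP_OUTPUT
# Prints "IP EXPECTED_MAC STATUS" for every binding, where STATUS is
# OK, NOT-PERMANENT, MISMATCH seen=<mac> or MISSING.
audit_arp() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        # Normalise a MAC: lower case, every octet padded to two digits,
        # so "0:a0:c9:..." and "00:A0:C9:..." compare equal.
        function norm(m,    a, k, i, r) {
            k = split(tolower(m), a, ":"); r = ""
            for (i = 1; i <= k; i++)
                r = r (i > 1 ? ":" : "") (length(a[i]) == 1 ? "0" a[i] : a[i])
            return r
        }
        $0 == "---" { in_arp = 1; next }
        # First part of the input: the expected bindings.
        !in_arp && NF >= 2 { want[$1] = norm($2); order[++n] = $1; next }
        # Second part: ARP table lines of the form "? (ip) at mac on if ...".
        in_arp && $3 == "at" {
            ip = $2; gsub(/[()]/, "", ip)
            seen[ip] = norm($4)
            perm[ip] = ($0 ~ / permanent/)
        }
        END {
            for (i = 1; i <= n; i++) {
                ip = order[i]
                if (!(ip in seen))             s = "MISSING"
                else if (seen[ip] != want[ip]) s = "MISMATCH seen=" seen[ip]
                else if (!perm[ip])            s = "NOT-PERMANENT"
                else                           s = "OK"
                print ip, want[ip], s
            }
        }'
}

audit_arp "$BINDINGS" "$SAMPLE_ARP"
```

A NOT-PERMANENT or MISMATCH result means the entry was learned dynamically rather than pinned, so whichever host answered ARP for that address last is the one the firewall is talking to.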