Date: Tue, 22 Oct 2002 20:55:44 +0200
From: Ruben de Groot
To: Scott Pilz
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW/NATD
Message-ID: <20021022185544.GA24937@ei.bzerk.org>
References: <20021022105018.S62012-100000@mail.tznet.com>
In-Reply-To: <20021022105018.S62012-100000@mail.tznet.com>

On Tue, Oct 22, 2002 at 10:55:26AM -0500, Scott Pilz typed:
>
> The answer to this is more than likely 'no'.
>
> But I'll try anyways.
>
> Setup: NATD/IPFW
>
> Say you have an IPFW rule to allow 10.0.0.2 through NATD - thus into the
> internet - and everything else to be blocked.
>
> Your machine (10.0.0.2) that is being firewalled by NATD/IPFW works fine.
> Then someone else sets their machine up to 10.0.0.2, and now they can also
> get out into the network (there will of course be an ip conflict).

You can use arp(8) to make a permanent entry in the arp table on your
NAT/Firewall box to prevent anyone else from using this IP address:

arp -S 10.0.0.2 Your_machines_MAC

>
> My question is, for security, is there any way to use this type of block
> based on MAC ID. Almost to bond the MAC ID to the IP Address so the only
> computer that can use the IP address 10.0.0.2 is with MAC ID ?
>
>
> Thanks,
>
> Scott
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
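
A static entry only helps while it is still in the table and still carries the intended MAC. The following is an added example, not part of the original message: it audits `arp -an` output on the gateway against a list of expected IP/MAC bindings. The bindings format, the sample addresses and the `audit_arp` name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `arp -an` output against expected IP-to-MAC bindings.
# All addresses below are constructed sample data.

# Expected bindings, one "IP MAC" pair per line (format assumed for this example).
BINDINGS='10.0.0.2 00:A0:C9:11:22:33
10.0.0.3 00:a0:c9:44:55:66
10.0.0.4 00:a0:c9:77:88:99
10.0.0.5 00:a0:c9:aa:bb:cc'

# Constructed `arp -an` output as seen on the NAT/firewall box.
ARP_SAMPLE='? (10.0.0.1) at 0:a0:c9:0:0:1 on fxp1 permanent [ethernet]
? (10.0.0.2) at 0:a0:c9:11:22:33 on fxp1 permanent [ethernet]
? (10.0.0.3) at 0:d0:b7:a:b:c on fxp1 [ethernet]
? (10.0.0.4) at 0:a0:c9:77:88:99 on fxp1 [ethernet]'

# audit_arp BINDINGS_TEXT ARP_TEXT
# Prints one verdict per expected binding:
#   OK / MISMATCH / NOT_PERMANENT / MISSING
audit_arp() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
    # Normalise a MAC: lower-case, zero-pad each octet (0:a0:c9 -> 00:a0:c9).
    function norm(mac,    n, o, k, out) {
        n = split(tolower(mac), o, ":")
        out = ""
        for (k = 1; k <= n; k++) {
            if (length(o[k]) == 1) o[k] = "0" o[k]
            out = out (k > 1 ? ":" : "") o[k]
        }
        return out
    }
    $0 == "---"          { in_arp = 1; next }
    !in_arp && NF >= 2   { want[$1] = norm($2); order[++cnt] = $1; next }
    in_arp && $3 == "at" {
        ip = $2; gsub(/[()]/, "", ip)
        seen[ip] = norm($4)
        perm[ip] = ($0 ~ / permanent/)
    }
    END {
        for (i = 1; i <= cnt; i++) {
            ip = order[i]
            if (!(ip in seen))             print "MISSING " ip
            else if (seen[ip] != want[ip]) print "MISMATCH " ip " expected " want[ip] " got " seen[ip]
            else if (!perm[ip])            print "NOT_PERMANENT " ip
            else                           print "OK " ip
        }
    }'
}

# On the gateway itself: audit_arp "$(cat /path/to/bindings)" "$(arp -an)"
audit_arp "$BINDINGS" "$ARP_SAMPLE"
```

A MISMATCH or NOT_PERMANENT verdict is the cue to re-pin that address with the `arp -S` command from the reply above.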