From owner-freebsd-questions@FreeBSD.ORG Mon Nov 10 22:34:10 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 61FF9FA for ; Mon, 10 Nov 2014 22:34:10 +0000 (UTC) Received: from forward15.mail.yandex.net (forward15.mail.yandex.net [IPv6:2a02:6b8:0:801::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 16816786 for ; Mon, 10 Nov 2014 22:34:09 +0000 (UTC) Received: from web4j.yandex.ru (web4j.yandex.ru [5.45.198.45]) by forward15.mail.yandex.net (Yandex) with ESMTP id B421A9E1C28 for ; Tue, 11 Nov 2014 01:33:56 +0300 (MSK) Received: from 127.0.0.1 (localhost [127.0.0.1]) by web4j.yandex.ru (Yandex) with ESMTP id 7AEA5300431; Tue, 11 Nov 2014 01:33:55 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1415658835; bh=wI6i6El7sQi8nXEoH5Y+2D2BhNyJHMLm02NI4LCG3sM=; h=From:To:Subject:Date; b=c19dxY0Iu2u6rqtPCcAdlqGEMX37ZFChhxYAKs1sut9ihFmMFSJ2CO1xTKrvMKfCn M3ZISz4Ms+2P04P66ghJn3I76I3Fwj7TCCHkVY8Kk305BoWRrdZnKl5X6gaoD+kGU9 q6CzEAN3Hxnwn59iZ9pOaF/MYMIvGuY54cG0WNaA= Received: from ip5-63-144-28.lon.ukinetcom.net (ip5-63-144-28.lon.ukinetcom.net [5.63.144.28]) by web4j.yandex.ru with HTTP; Tue, 11 Nov 2014 01:33:53 +0300 From: Martin Hanson To: FreeBSD Questions Mailing List Subject: Captive portal with forced IP? MIME-Version: 1.0 Message-Id: <754511415658833@web4j.yandex.ru> X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Mon, 10 Nov 2014 23:33:53 +0100 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Nov 2014 22:34:10 -0000 Hi. I have a FreeBSD box as a firewall. I am using captive portal + freeradius2 to have users login before they can access the net. I would like to use the firewall the set some restrictions on access to the Internet too. This is of course done on a IP/MAC based level. Does there exist something which requires users to login, but at the same time forces a specific IP to their account? So if they spoof their mac/ip they cannot login using their normal credentials - they get logged out and looses access? In this case a user would not only be required to login with his credentials before he can access the network, but his box would also be bound to a specific IP and MAC, which then would have some restrictions due to the firewall. I know this is not 100% FreeBSD specific, but I want this to run on FreeBSD and are wondering how others perhaps are doing it. Thanks and kind regards! Martin