Date: Mon, 8 Sep 2003 14:34:03 +0500 From: thor@telecom.sarkor.uz (Timur) To: Yonatan Bokovza <Yonatan@xpert.com> Cc: freebsd-questions@freebsd.org Subject: Re: Binding MAC to IP Statically Message-ID: <20030908093403.GA21650@telecom.sarkor.uz> In-Reply-To: <C2DC75EEA405354AA9C03EF5CB8CDE089AAB3E@exchange.xpert.com> References: <C2DC75EEA405354AA9C03EF5CB8CDE089AAB3E@exchange.xpert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 08, 2003 at 12:07:33PM +0300, Yonatan Bokovza wrote:
> > -----Original Message-----
> > From: Chuck Swiger [mailto:cswiger@mac.com]
> > Sent: Sunday, September 07, 2003 23:10
> > To: Colin Watson
> > Cc: freebsd-questions@freebsd.org
> > Subject: Re: Binding MAC to IP Statically
> >
> >
> > Colin Watson wrote:
> > [ ...rewrapped to 80-columns... ]
> > > Any way to bind a MAC address statically to an IP?. I wish
> > to do this to
> > > prevent a user from changing his IP address on the subnet,
> > so if he does he
> > > can't pass traffic. I have experimented with ipfw, but I
> > can't quite see how
> > > I could accomplish the binding of a IP statically to a
> > nic's MAC. Any ideas
> > > be appericated.
> >
> > IPFW2 lets you perform firewall actions on a MAC address,
> > rather than an IP.
> >
> > You can configure a DHCP server to staticly allocate an IP
> > address to that
> > machine via something like this in {/usr/local}/etc/dhcpd.conf:
> >
> > host pi.codefab.com {
> > hardware ethernet 00:00:00:00:00:00;
> > fixed-address 66.234.138.67;
> > }
>
> Look for static arp. The basic idea is that you tell your
> interface to not use arp (see ifconfig(8) -arp) and give
> it a static binding of MAC addresses to IP addresses
> (see arp(8) -f).
This solves the problem, but creates another one - your clients must
statically bound MAC address of your router (default gateway) to IP
address.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030908093403.GA21650>