From owner-freebsd-questions Tue Oct 22 8:55:42 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C6A537B401 for ; Tue, 22 Oct 2002 08:55:41 -0700 (PDT) Received: from squid.tznet.com (squid.tznet.com [66.170.64.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B2D743E42 for ; Tue, 22 Oct 2002 08:55:40 -0700 (PDT) (envelope-from tech@tznet.com) Received: from mail.tznet.com (mail.tznet.com [66.170.64.2]) by squid.tznet.com (8.12.3/8.12.5) with ESMTP id g9MFtQek053897 for ; Tue, 22 Oct 2002 10:55:26 -0500 (CDT) Date: Tue, 22 Oct 2002 10:55:26 -0500 (CDT) From: Scott Pilz To: freebsd-questions@freebsd.org Subject: IPFW/NATD Message-ID: <20021022105018.S62012-100000@mail.tznet.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII T-NetSMTP: Virus Check - Found to be clean Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The answer to this is more than likely 'no'. But I'll try anyways. Setup: NATD/IPFW Say you have an IPFW rule to allow 10.0.0.2 through NATD - thus into the internet - and everything else to be blocked. Your machine (10.0.0.2) that is being firewalled by NATD/IPFW works fine. Then someone else sets their machine up to 10.0.0.2, and now they can also get out into the network (there will of course be an ip conflict). My question is, for security, is there any way to use this type of block based on MAC ID. Almost to bond the MAC ID to the IP Address so the only computer that can use the IP address 10.0.0.2 is with MAC ID ? Thanks, Scott To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message