From owner-freebsd-net  Mon Nov 22 11:28:15 1999
Delivered-To: freebsd-net@freebsd.org
Received: from eh.est.is (eh.est.is [194.144.208.34])
	by hub.freebsd.org (Postfix) with ESMTP id 6547115031
	for <freebsd-net@FreeBSD.ORG>; Mon, 22 Nov 1999 11:28:01 -0800 (PST)
	(envelope-from totii@est.is)
Received: from toti.est.is (root@toti-mx.est.is [194.144.208.17])
          by eh.est.is (8.8.8/8.8.8) with ESMTP id SAA11280;
          Mon, 22 Nov 1999 18:48:30 GMT
          (envelope-from totii@est.is)
Received: from est.is (asus.est.is [194.144.208.242])
          by toti.est.is (8.9.3/8.9.1) with ESMTP id SAA42277;
          Mon, 22 Nov 1999 18:48:27 GMT
          (envelope-from totii@est.is)
Message-ID: <38398FF2.66B4514A@est.is>
Date: Mon, 22 Nov 1999 18:48:18 +0000
From: Thordur Ivarsson <totii@est.is>
Reply-To: thivars@est.is
X-Mailer: Mozilla 4.08 [en] (Win98; I)
MIME-Version: 1.0
To: visi0n <visi0n@aux-tech.org>
Cc: thivars@est.is,
	"freebsd-net@FreeBSD.ORG" <freebsd-net@FreeBSD.ORG>
Subject: Re: Client restriction with "MAC ADDRESS" ?
References: <Pine.LNX.3.96.991121165905.199B-100000@variola.chinatown.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

visi0n wrote:
> 
> On Sun, 21 Nov 1999, Thordur Ivarsson wrote:
> 
> > Hi there,
> >
> > Do FreeBSD allow me to control traffic from client checked from the MAC
> > address.
> >
> > My problem is that everyone is allowed to connect to the network it self
> > but I need to filter users at the boarder firewall. I will give any user
> > IP number from DHCP server but if someone fakes IP number then I have
> > problems.
> >
> > Some users buy the internet connection then they are given another IP
> > number, and passed over the boarder firewall. But to be sure I would
> > like to check if their MAC address matches the IP.
> >
> > Any solution?
> >
> > TIA
> >
> > Thordur Ivarsson
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message
> >
>         If these clients are connected in the same net segment they can
> forge mac addr too.
If they do they must have information on what mac address is used by
someone on the segment, and if that user uses the network at the same
time I will get arp errors, that have been tried here.

But can I filter traffic by MAC address?

Thordur


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message