Date: Sun, 21 Dec 2008 00:56:19 +0000
From: Gloomy Group <gloomygroup@hotmail.com>
To: <smithi@nimnet.asn.au>
Cc: ipfw@freebsd.org
Subject: RE: IPFW firewall rule in mpd pppoe server to single pc behind router
Message-ID: <BAY131-W401EE4A5AE3BB140CC03D0AFEE0@phx.gbl>
In-Reply-To: <20081219140743.M29108@sola.nimnet.asn.au>
References: <BAY131-W191266DC1D72F867A82009AFF30@phx.gbl> <20081218204044.H29108@sola.nimnet.asn.au> <BAY131-W33571C2EBD1381AF816F13AFF00@phx.gbl> <20081219140743.M29108@sola.nimnet.asn.au>

Is there anything like setting the TTL value to 1, as Linux iptables has?

> Date: Fri, 19 Dec 2008 14:35:47 +1100
> From: smithi@nimnet.asn.au
> To: gloomygroup@hotmail.com
> CC: ipfw@freebsd.org
> Subject: RE: IPFW firewall rule in mpd pppoe server to single pc behind router
>
> On Fri, 19 Dec 2008, Gloomy Group wrote:
> > Hello Ian,
> >
> > I have implemented traffic shaping with a dummynet pipe. But I want
> > to strictly control the internet sharing to a single pc. Is there another
> > way of allowing this, like MAC address restricting to 2 pcs coming from that
> > source ip?
> >
> > > Date: Thu, 18 Dec 2008 20:57:36 +1100
> > > From: smithi@nimnet.asn.au
> > > To: gloomygroup@hotmail.com
> > > CC: freebsd-ipfw@freebsd.org
> > > Subject: Re: IPFW firewall rule in mpd pppoe server to single pc behind router
> > >
> > > On Thu, 18 Dec 2008, Gloomy Group wrote:
> > > > I have a freebsd mpd pppoe server. Users connect to the internet by giving
> > > > username and password. My problem is some users put in a router and share
> > > > the internet connection with other pcs. Is it possible to disable internet
> > > > sharing in the server by rate limiting with ipfw firewall scripts, so
> > > > that if users keep a router or do nat in their pc to share internet
> > > > then only a single pc can access the internet? Is it possible?
> > >
> > > Detecting that a connection is shared using NAT? Not that I know of.
> > >
> > > Rate limiting per connection with dummynet pipes, easy enough. If you
> > > limit the bandwidth, why would you need to care how many pcs share it?
>
> Not that I know of.
>
> You're only going to see the MAC address of a directly connected system,
> not those of any other box connected to the first one's other interface,
> even if you are able to do ARP over PPPoE.
>
> This is more people-policy stuff I think, unlikely to have a technical
> solution. Some ISPs tell people they're not permitted to use NAT, but
> I've not heard of any way of actually and reliably detecting its use.
>
> One way to block use of the particular form of NAT implemented in M$ XP
> is to give users addresses in the 192.168.0.x range, with 192.168.0.1 as
> (your end's) gateway address .. since this latter address is forcibly
> assigned to the NAT box's inside interface by XP's 'internet connection
> sharing' .. but there are other NAT systems for windows users out there.
>
> Others may know more than I do about this, of course .. if you wish to
> pursue it further, net@freebsd.org would be the more appropriate list.
>
> cheers, Ian