From owner-freebsd-questions Thu Apr 5 14: 6:47 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from marlo.eagle.ca (marlo.eagle.ca [209.167.16.10])
	by hub.freebsd.org (Postfix) with ESMTP id 4EE1B37B423
	for ; Thu, 5 Apr 2001 14:06:44 -0700 (PDT)
	(envelope-from scaryg@sputnik.org)
Received: from phantom (staff.eagle.ca [209.167.16.15])
	by marlo.eagle.ca (8.11.0/8.11.0) with SMTP id f35L2an82544;
	Thu, 5 Apr 2001 17:02:36 -0400 (EDT)
	(envelope-from scaryg@sputnik.org)
Message-ID: <013501c0be14$ab0838c0$0f01a8c0@phantom>
From: "ScaryG"
To: "Kurtis Smith"
Cc:
References: <008401c0bdf7$cfba03a0$0f01a8c0@phantom> <5.0.2.1.0.20010405113021.00a6fc00@pop.mail.yahoo.com>
Subject: Re: Traffic shaping natd dhcp and ipfw
Date: Thu, 5 Apr 2001 17:09:14 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Ok so what I could do then is stop the DHCPD service
> which would suck for more computers adding to the network

That depends... As I understood it, you wish to control what stations have
Internet access? If you use DHCP the stations would get a different IP number
each day, and that kinda destroys your ability to handcuff them on a
per-machine basis. So yes, perhaps not using DHCP may be part of your solution.

However, next up, can you not determine who has access to your daemons by
using /etc/hosts.deny and /etc/hosts.allow? That would let you limit telnet,
ftp, email. From there you could use ipfw to dump outgoing traffic on port 80
for a particular workstation, etc.

-Gerry
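
The per-workstation restriction described in the message above, as an added example that is not part of the original post: an sh script that prints (without running) ipfw rules dropping outbound port 80 traffic for listed workstations, plus a matching /etc/hosts.deny entry. The addresses, rule numbers, the inside interface name `ed1` and the daemon names `telnetd` and `ftpd` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: all addresses, rule numbers and names below are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one deny rule per workstation. Matching "in via" the inside
# interface means the rule sees the workstation's private address, before
# natd rewrites it on the outside interface. The rule numbers must be lower
# than any rule that would pass the same traffic.
# usage: http_block_rules FIRST_RULE_NUMBER INSIDE_IF IP...
http_block_rules() {
    rule=$1; inside_if=$2; shift 2
    for ip in "$@"; do
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid address: $ip" >&2
            continue
        fi
        echo "ipfw add $rule deny tcp from $ip to any 80 in via $inside_if"
        rule=$((rule + 10))
    done
}

# Print a hosts.deny entry refusing the listed daemons to the same hosts.
# usage: wrappers_deny_line "DAEMON_LIST" IP...
wrappers_deny_line() {
    daemons=$1; shift
    hosts=""
    for ip in "$@"; do
        if valid_ipv4 "$ip"; then hosts="${hosts:+$hosts, }$ip"; fi
    done
    if [ -n "$hosts" ]; then echo "$daemons : $hosts"; fi
}

# Constructed sample: two workstations on a private LAN, one mistyped entry.
http_block_rules 20 ed1 192.168.1.21 192.168.1.300 192.168.1.22
wrappers_deny_line "telnetd, ftpd" 192.168.1.21 192.168.1.22
```

Rules keyed to a source address only stay meaningful while each workstation keeps the same address, which is the concern about DHCP raised in the message.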