Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 Sep 2003 12:47:35 +0300
From:      "Yonatan Bokovza" <Yonatan@xpert.com>
To:        <freebsd-questions@freebsd.org>
Subject:   RE: Binding MAC to IP Statically
Message-ID:  <C2DC75EEA405354AA9C03EF5CB8CDE089AAB41@exchange.xpert.com>
next in thread | raw e-mail | index | archive | help 
> -----Original Message-----
> From: Timur [mailto:thor@telecom.sarkor.uz]
> Sent: Monday, September 08, 2003 12:34
> To: Yonatan Bokovza
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Binding MAC to IP Statically
>=20
>=20
> On Mon, Sep 08, 2003 at 12:07:33PM +0300, Yonatan Bokovza wrote:
> > > -----Original Message-----
> > > From: Chuck Swiger [mailto:cswiger@mac.com]
> > > Sent: Sunday, September 07, 2003 23:10
> > > To: Colin Watson
> > > Cc: freebsd-questions@freebsd.org
> > > Subject: Re: Binding MAC to IP Statically
> > >=20
> > >=20
> > > Colin Watson wrote:
> > > [ ...rewrapped to 80-columns... ]
> > > > Any way to bind a MAC address statically to an IP?. I wish=20
> > > to do this to
> > > > prevent a user from changing his IP address on the subnet,=20
> > > so if he does he
> > > > can't pass traffic. I have experimented with ipfw, but I=20
> > > can't quite see how
> > > > I could accomplish the binding of a IP statically to a=20
> > > nic's MAC. Any ideas
> > > > be appericated.
> > >=20
> > > IPFW2 lets you perform firewall actions on a MAC address,=20
> > > rather than an IP.
> > >=20
> > > You can configure a DHCP server to staticly allocate an IP=20
> > > address to that=20
> > > machine via something like this in {/usr/local}/etc/dhcpd.conf:
> > >=20
> > > host pi.codefab.com {
> > >          hardware ethernet 00:00:00:00:00:00;
> > >          fixed-address 66.234.138.67;
> > > }
> >=20
> > Look for static arp. The basic idea is that you tell your
> > interface to not use arp (see ifconfig(8) -arp) and give
> > it a static binding of MAC addresses to IP addresses
> > (see arp(8) -f).
>=20
> This solves the problem, but creates another one - your clients must
> statically bound MAC address of your router (default gateway) to IP
> address.

Correct. It is best for small, unchanging networks. DMZ for example.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C2DC75EEA405354AA9C03EF5CB8CDE089AAB41>