Date: Sat, 17 Apr 1999 12:44:15 -0400 From: Ugen <chaos@xonix.com> To: "thomas.uhrfelt@plymovent.se" <thomas.uhrfelt@plymovent.se> Cc: "'freebsd-net@freebsd.org'" <freebsd-net@FreeBSD.ORG> Subject: Re: DHCP - IPFW - Controlling IPs Message-ID: <3718BA5F.41DF3675@xonix.com> References: <01BE88F5.C4660D20.thomas.uhrfelt@plymovent.se>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't think something like this exists (although theoretically if they are on a local network with some modification it would be possible to also filter by an Ethernet address) - however this is one reason IP address based security can only be used for Unix hosts and other "trusted" systems where only trusted people are able to set the addresses (presumably). Well, if you are in a switched environment you can probably make your switch/router somehow maintain IP to MAC address consistency. Other then that whenever dealing with individual windows etc. workstations it is crucial to have some other kind of security available... --Ugen Thomas Uhrfelt wrote: > I have now sucessfully installed ISC:s DHCP server on my FreeBSD box to pass out IP:s etc. to the users on our local network, but I > Have a little thing grinding on my mind, as I am going to use DUMMYNET and IPFW to regulate what users can and cannot do on other > networks. Is there any way that I can check ( periodically or all the time ) that the IP the packet is coming from really is the one that > is assigned by the DHCP daemon? What I mean is, for my ipfw rules/pipes to work, I need to be sure that the user has just > that IP I have assigned to him. In other words, so he can't go in and change his Win95/NT/Mac and turn off DHCP and assign an > IP on his own.. Is this possible to control at all? > > / > > Thomas Uhrfelt > Datortekniker > > PlymoVent AB > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3718BA5F.41DF3675>