Date: Mon, 19 Apr 1999 09:51:56 -0500 (CDT) From: Mike Jenkins <mjenkins@carp.gbr.epa.gov> To: freebsd-net@freebsd.org Cc: thomas.uhrfelt@plymovent.se Subject: Re: DHCP - IPFW - Controlling IPs Message-ID: <199904191451.JAA20481@carp.gbr.epa.gov> In-Reply-To: <01BE88F5.C4660D20.thomas.uhrfelt@plymovent.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 17 Apr 1999 Thomas Uhrfelt wrote: > I have now sucessfully installed ISC:s DHCP server on my FreeBSD box to pass out IP:s etc. to the users on our local network, but I > Have a little thing grinding on my mind, as I am going to use DUMMYNET and IPFW to regulate what users can and cannot do on other > networks. Is there any way that I can check ( periodically or all the time ) that the IP the packet is coming from really is the one that > is assigned by the DHCP daemon? What I mean is, for my ipfw rules/pipes to work, I need to be sure that the user has just > that IP I have assigned to him. In other words, so he can't go in and change his Win95/NT/Mac and turn off DHCP and assign an > IP on his own.. Is this possible to control at all? Couldn't he divert incoming packets on the internal interface (packets leaving the internal LAN) to a program that does the following: IF "src IP is leased out via dhcp" THEN allow ELSE deny END IF Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904191451.JAA20481>