From owner-freebsd-questions  Mon Apr 22 07:49:23 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id HAA09579
          for questions-outgoing; Mon, 22 Apr 1996 07:49:23 -0700 (PDT)
Received: from post.fssr.ru (post.fssr.ru [194.186.38.2])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA09559
          for <questions@freebsd.org>; Mon, 22 Apr 1996 07:49:10 -0700 (PDT)
Received: from post.fssr.ru (post.fssr.ru [194.186.38.2]) by post.fssr.ru (8.6.12/8.6.12) with SMTP id SAA01643 for <questions@freebsd.org>; Mon, 22 Apr 1996 18:48:41 GMT
Message-ID: <317BD47B.446B9B3D@fssr.ru>
Date: Mon, 22 Apr 1996 18:48:27 +0000
From: Grag <grag@fssr.ru>
X-Mailer: Mozilla 2.01 (X11; I; FreeBSD 2.1.0-RELEASE i386)
MIME-Version: 1.0
To: questions <questions@freebsd.org>
Subject: Ethernet and Firewall 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi all!

I've a FreeBSD 2.1 server connected via ppp link to the Net. This server
attached to our local ethernet network. Local users from theirs
workstations send and receive IP traffic through my server to the
Internet. 

The question is:
Has anybody experience in authorization of such users ?
In other words: can I prohibit access of certain local (ethernet) users
to the Internet and allow access to my server simultaneously?
I know I may setup ipfw. But ipfw trust IP source addresses !!
And local users need only change their IP address to bypass ipfw.
Can I trust ethernet addresses ? And how can I do it?

Thanks and excuse my English

Grag