From owner-freebsd-stable@FreeBSD.ORG Tue Feb 15 12:57:02 2005 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 071C516A4CE for ; Tue, 15 Feb 2005 12:57:02 +0000 (GMT) Received: from speechpro.com (speech-tech-2.ip.PeterStar.net [81.3.190.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9761543D1F for ; Tue, 15 Feb 2005 12:57:01 +0000 (GMT) (envelope-from igorr@speechpro.com) Received: from sysadm.stc ([192.168.2.26]) by s1.stc with esmtp (Exim 4.44 (FreeBSD)) id 1D12Dp-0007Ka-39 for freebsd-stable@freebsd.org; Tue, 15 Feb 2005 15:54:33 +0300 Message-ID: <4211F0BC.1070301@speechpro.com> Date: Tue, 15 Feb 2005 15:53:16 +0300 From: Igor Robul User-Agent: Mozilla Thunderbird 1.0 (X11/20050214) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <200502142022.j1EKMl5R092740@lurza.secnetix.de> <022401c512d7$e0779890$0c00a8c0@artem> In-Reply-To: <022401c512d7$e0779890$0c00a8c0@artem> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archived: Yes Subject: Re: How to make ipfw consider MAC-IP match? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Feb 2005 12:57:02 -0000 Artem Kuchin wrote: > Hi! > > I have a table with ethernet (MAC) addresses matching IPs. It is > used to build dhcp config file. But regardless of that any user can > assign his neighbour ips while that pc is turned off and use it to > access internet. The local ips are 192.168. and are behind natd. > I am running 5.3-STABLE and have heard that ipfw2 can in someway > use MAC addresses, but how do I setup ipfw in such a way that I use Samba computer names for this. If user changes computer name, then he will not be able login to domain, and will not able do his job. I dont restrict very much access to Internet, just do accounting. It is easy modify my setup to use user names instead of computer names. Accounting is done with trafd and 2 or 3 shell scripts. Maybe you need something like this? If you wish, I can post my scripts.