From owner-freebsd-questions Fri Apr 27 16:51:38 2001 Delivered-To: freebsd-questions@freebsd.org Received: from cody.jharris.com (cody.jharris.com [205.238.128.83]) by hub.freebsd.org (Postfix) with ESMTP id 9023037B424 for ; Fri, 27 Apr 2001 16:51:34 -0700 (PDT) (envelope-from nick@rogness.net) Received: from localhost (nick@localhost) by cody.jharris.com (8.11.1/8.9.3) with ESMTP id f3S10eJ60448; Fri, 27 Apr 2001 20:00:40 -0500 (CDT) (envelope-from nick@rogness.net) Date: Fri, 27 Apr 2001 20:00:40 -0500 (CDT) From: Nick Rogness X-Sender: nick@cody.jharris.com To: Rick Duvall Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IPFW and MAC Addresses In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 27 Apr 2001, Rick Duvall wrote: > Is there a way to do IPFW on a MAC Address level? What I am wanting > is to only allow certain NIC's to pass packets to the Internet, as > long as those specific NICs have a certain IP address. > > Reasoning: I have a wireless LAN I am providing internet over to > customers. Like all wireless lans, it is layer 2. So, I can see the > MAC address on the customer's end. But, I don't want the customer to > be able to just grab any IP address they can get their hands on. I > want to assign them 1 IP address, and have it so that if they use any > other IP address other than that one, they won't be able to pass any > packets on my network. > > Is this possible? I believe you can "hardwire" their MAC in your arp table (arp -s) forcing only certain IP's to have certain MAC's Nick Rogness - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message