From owner-freebsd-questions@FreeBSD.ORG Mon Sep 8 02:46:40 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50E6316A4BF for ; Mon, 8 Sep 2003 02:46:40 -0700 (PDT) Received: from telecom.sarkor.uz (telecom.sarkor.uz [81.95.226.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 951A343FE1 for ; Mon, 8 Sep 2003 02:46:39 -0700 (PDT) (envelope-from thor@telecom.sarkor.uz) Received: by telecom.sarkor.uz (Postfix, from userid 1000) id 8F5DF142E5B; Mon, 8 Sep 2003 14:34:03 +0500 (UZT) Date: Mon, 8 Sep 2003 14:34:03 +0500 To: Yonatan Bokovza Message-ID: <20030908093403.GA21650@telecom.sarkor.uz> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i From: thor@telecom.sarkor.uz (Timur) cc: freebsd-questions@freebsd.org Subject: Re: Binding MAC to IP Statically X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Sep 2003 09:46:40 -0000 On Mon, Sep 08, 2003 at 12:07:33PM +0300, Yonatan Bokovza wrote: > > -----Original Message----- > > From: Chuck Swiger [mailto:cswiger@mac.com] > > Sent: Sunday, September 07, 2003 23:10 > > To: Colin Watson > > Cc: freebsd-questions@freebsd.org > > Subject: Re: Binding MAC to IP Statically > > > > > > Colin Watson wrote: > > [ ...rewrapped to 80-columns... ] > > > Any way to bind a MAC address statically to an IP?. I wish > > to do this to > > > prevent a user from changing his IP address on the subnet, > > so if he does he > > > can't pass traffic. I have experimented with ipfw, but I > > can't quite see how > > > I could accomplish the binding of a IP statically to a > > nic's MAC. Any ideas > > > be appericated. > > > > IPFW2 lets you perform firewall actions on a MAC address, > > rather than an IP. > > > > You can configure a DHCP server to staticly allocate an IP > > address to that > > machine via something like this in {/usr/local}/etc/dhcpd.conf: > > > > host pi.codefab.com { > > hardware ethernet 00:00:00:00:00:00; > > fixed-address 66.234.138.67; > > } > > Look for static arp. The basic idea is that you tell your > interface to not use arp (see ifconfig(8) -arp) and give > it a static binding of MAC addresses to IP addresses > (see arp(8) -f). This solves the problem, but creates another one - your clients must statically bound MAC address of your router (default gateway) to IP address.