From owner-freebsd-net Sat Apr 17 9:50:37 1999 Delivered-To: freebsd-net@freebsd.org Received: from nygate.undp.org (nygate.undp.org [192.124.42.3]) by hub.freebsd.org (Postfix) with ESMTP id A46EA14EC2 for ; Sat, 17 Apr 1999 09:50:33 -0700 (PDT) (envelope-from chaos@xonix.com) Received: from umka.undp.org (umka.undp.org [192.124.42.40]) by nygate.undp.org (8.9.1/8.9.1/1.13) with ESMTP id MAA28152 for ; Sat, 17 Apr 1999 12:48:09 -0400 (EDT) Received: from inet01.hq.undp.org ([192.168.69.4]) by umka.undp.org (Netscape Messaging Server 3.6) with ESMTP id AAA6908 for ; Sat, 17 Apr 1999 12:46:57 -0400 Received: from xonix.com ([207.172.89.50]) by inet01.hq.undp.org (Netscape Messaging Server 3.6) with ESMTP id AAA6EA0; Sat, 17 Apr 1999 12:44:45 -0400 Message-ID: <3718BA5F.41DF3675@xonix.com> Date: Sat, 17 Apr 1999 12:44:15 -0400 From: Ugen X-Mailer: Mozilla 4.51 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 To: "thomas.uhrfelt@plymovent.se" Cc: "'freebsd-net@freebsd.org'" Subject: Re: DHCP - IPFW - Controlling IPs References: <01BE88F5.C4660D20.thomas.uhrfelt@plymovent.se> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I don't think something like this exists (although theoretically if they are on a local network with some modification it would be possible to also filter by an Ethernet address) - however this is one reason IP address based security can only be used for Unix hosts and other "trusted" systems where only trusted people are able to set the addresses (presumably). Well, if you are in a switched environment you can probably make your switch/router somehow maintain IP to MAC address consistency. Other then that whenever dealing with individual windows etc. workstations it is crucial to have some other kind of security available... --Ugen Thomas Uhrfelt wrote: > I have now sucessfully installed ISC:s DHCP server on my FreeBSD box to pass out IP:s etc. to the users on our local network, but I > Have a little thing grinding on my mind, as I am going to use DUMMYNET and IPFW to regulate what users can and cannot do on other > networks. Is there any way that I can check ( periodically or all the time ) that the IP the packet is coming from really is the one that > is assigned by the DHCP daemon? What I mean is, for my ipfw rules/pipes to work, I need to be sure that the user has just > that IP I have assigned to him. In other words, so he can't go in and change his Win95/NT/Mac and turn off DHCP and assign an > IP on his own.. Is this possible to control at all? > > / > > Thomas Uhrfelt > Datortekniker > > PlymoVent AB > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message