From owner-freebsd-net Mon Apr 19 7:54:51 1999 Delivered-To: freebsd-net@freebsd.org Received: from carp.gbr.epa.gov (carp.gbr.epa.gov [204.46.159.110]) by hub.freebsd.org (Postfix) with ESMTP id DE269155AB for ; Mon, 19 Apr 1999 07:54:42 -0700 (PDT) (envelope-from mjenkins@carp.gbr.epa.gov) Received: (from mjenkins@localhost) by carp.gbr.epa.gov (8.8.8/8.8.8) id JAA20481; Mon, 19 Apr 1999 09:51:56 -0500 (CDT) (envelope-from mjenkins) Date: Mon, 19 Apr 1999 09:51:56 -0500 (CDT) From: Mike Jenkins Message-Id: <199904191451.JAA20481@carp.gbr.epa.gov> To: freebsd-net@freebsd.org Subject: Re: DHCP - IPFW - Controlling IPs Cc: thomas.uhrfelt@plymovent.se In-Reply-To: <01BE88F5.C4660D20.thomas.uhrfelt@plymovent.se> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 17 Apr 1999 Thomas Uhrfelt wrote: > I have now sucessfully installed ISC:s DHCP server on my FreeBSD box to pass out IP:s etc. to the users on our local network, but I > Have a little thing grinding on my mind, as I am going to use DUMMYNET and IPFW to regulate what users can and cannot do on other > networks. Is there any way that I can check ( periodically or all the time ) that the IP the packet is coming from really is the one that > is assigned by the DHCP daemon? What I mean is, for my ipfw rules/pipes to work, I need to be sure that the user has just > that IP I have assigned to him. In other words, so he can't go in and change his Win95/NT/Mac and turn off DHCP and assign an > IP on his own.. Is this possible to control at all? Couldn't he divert incoming packets on the internal interface (packets leaving the internal LAN) to a program that does the following: IF "src IP is leased out via dhcp" THEN allow ELSE deny END IF Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message