From owner-freebsd-questions Tue Aug 17 0:20:41 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from cronus.medianetwork.se (cronus.medianetwork.se [193.14.204.1])
    by hub.freebsd.org (Postfix) with ESMTP id 0B6A614E79
    for ; Tue, 17 Aug 1999 00:20:36 -0700 (PDT)
    (envelope-from support@junglenote.com)
Received: from junglenote.com (digital03.medianetwork.se [193.14.204.221])
    by cronus.medianetwork.se (8.9.3/8.7) with ESMTP id JAA26535
    for ; Tue, 17 Aug 1999 09:19:45 +0200
Received: from enigmatic [127.0.0.1] by junglenote.com [localhost]
    with SMTP (MDaemon.v2.84.R) for ; Tue, 17 Aug 1999 09:27:29 +0200
Received: by localhost with Microsoft MAPI; Tue, 17 Aug 1999 09:27:26 +0200
Message-ID: <01BEE892.B844D2E0.support@junglenote.com>
From: Dan Larsson
To: "'mkc@Graphics.Cornell.EDU'"
Cc: Jamie Norwood , "freebsd-questions@FreeBSD.ORG"
Subject: SV: dhcpd
Date: Tue, 17 Aug 1999 09:27:25 +0200
Organization: Portabla Datorer AB
X-Mailer: Microsoft Internet-e-post/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-MDaemon-Deliver-To: freebsd-questions@FreeBSD.ORG
X-Return-Path: support@junglenote.com
Reply-To: support@junglenote.com
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Yes it is, but keep reading. He confirmed my guess about wanting it to
> prevent servers. Really all it does to people who want to run a server
> is annoy them. Meanwhile it annoys your friendly non-abusing users as
> well. Not what I would consider a good idea. Not long ago I met a guy
> who was running a web server on a machine using dhcp. He had a friend
> running his DNS service and every time his IP address changed he just
> sent the new address to his friend who updated his DNS and he was back
> in business. Of course this works best if both you and your friend
> spend all your time on the net...

How does this bother the 'friendly non-abusing user'?
I've never seen any box, even m$ boxes included, die from having its ip
address changed with or without dhcp. You must mean something else, right?

And as I mentioned earlier, from the client's point of view it's much
easier just to apply for a static address.

The other solution would be to deny access to all and punch holes in the
fw for every client allowed. This works. I know. But the rules table for
the firewall grows to monolithic proportions, understandably due to the
myriad of available software applications.

A second alternative, which is similar to the above, is setting bandwidth
rules for every ip in the scope. This also works, but sets the problem out
of focus.

The most desirable solution from my point of view would be to deny
regular ip datatypes (http-data etc) from the internet to the clients,
e.g. to deny a request from the internet to access any ip resource on the
client side, and from there punch holes to allow certain ips to be
accessed from the internet. This I do not know how to do. If someone does
please let me know.

/D
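
One way to express the policy asked about at the end of this message, as an added example that is not part of the original post: a script that prints (does not load) ipfw rules denying inbound TCP connection attempts to the client scope, with holes for listed static hosts. The interface name, address range, host list, rule numbers and the `gen_rules` helper are all assumptions made for illustration, and only TCP is covered.

```sh
#!/bin/sh
# Added example: emit an ipfw ruleset for review; nothing is applied here.
# All values below are constructed placeholders, not taken from the post.

OUTSIDE_IF="fxp0"                     # assumed Internet-facing interface
CLIENT_NET="192.0.2.0/24"             # assumed client scope (TEST-NET-1)
SERVER_HOSTS="192.0.2.10 192.0.2.11"  # assumed static hosts allowed to serve

# gen_rules IFACE NET "HOST ..." -> prints one ipfw command per line.
# Outbound SYNs and non-TCP traffic are not matched by these rules and
# fall through to whatever rules follow them in the full ruleset.
gen_rules() {
    iface=$1; net=$2; hosts=$3
    n=1000
    # Segments of existing TCP sessions (ACK or RST set) pass, so replies to
    # connections the clients opened themselves are unaffected. This is a
    # flag match only; ipfw is not tracking connection state here.
    echo "ipfw add $n allow tcp from any to any established"
    n=$((n + 100))
    # Holes: inbound connection attempts (SYN without ACK) to static hosts.
    for h in $hosts; do
        echo "ipfw add $n allow tcp from any to $h in via $iface setup"
        n=$((n + 100))
    done
    # Any other attempt from outside to open a TCP connection to a client
    # address is dropped, whatever port or application it targets.
    echo "ipfw add $n deny tcp from any to $net in via $iface setup"
}

# Print the ruleset for the constructed values above.
gen_rules "$OUTSIDE_IF" "$CLIENT_NET" "$SERVER_HOSTS"
```

Because the deny rule matches on the `setup` flag rather than on port numbers, the table grows by one rule per permitted server instead of one rule per application.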