Date: Mon, 15 Aug 2005 17:38:14 -0500
From: "Andrew L. Gould" <algould@datawok.com>
To: vladone <vladone@spaingsm.com>
Cc: Hornet <hornetmadness@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: i can't block win98 computers
Message-ID: <20050815173814.7c58d249@grokwell.org>
In-Reply-To: <f42935a60508151419670dea07@mail.gmail.com>
References: <534500571.20050815232810@spaingsm.com> <f42935a60508151419670dea07@mail.gmail.com>

On Mon, 15 Aug 2005 17:19:49 -0400
Hornet <hornetmadness@gmail.com> wrote:

> On 8/15/05, vladone <vladone@spaingsm.com> wrote:
> > Hi!
> > I try to block some computers to access my gateway based on MAC
> > address.
> > I use this ipfw rule:
> > ipfw add 100 deny mac any xx:yy:aa:bb:cc:dd in via $private_interface
> > With this I can block XP computers but it does not work with Win98.
> > I don't understand what is happening!
> > I try against different computers with Win98 OS and I can't block
> > them. Only messenger is blocked but navigation works well. Computers
> > with WinXP OS are blocked successfully.
> > I believe it is a problem with TCP packets that are coming from Win98
> > computers but I don't know how I can resolve this.
>
> IIRC, 98 had a hacked down version of the TCP/IP stack as opposed to
> the normal unix stack.
> Although I don't think this would be an issue, as 98 boxes would not
> be able to use any type of switch if the TCP/IP stack did not have
> some type of MAC header in it.
>
> Clear your arp table and look to see if you get an arp address for
> the 98 boxes. You might find that you have a typo in the address, or
> pull the MAC right off the card itself.

If you're trying to keep Win98 computers off the internet without
blocking them from the internal network, you could try manually
configuring their NICs with an internal, nonexistent name server.
Technically, they would have access to the internet; but without actual
IP addresses, non-savvy users would think that access to the internet
is blocked. (Savvy users could just change the configuration.)

Would this accomplish your goal? (Do you have savvy users?)

I have one WinXP computer that's configured this way. It can still
access shared directories and printers on the local network.

Andrew Gould