From owner-freebsd-isp Wed Sep 29 14:27:16 1999 Delivered-To: freebsd-isp@freebsd.org Received: from smople.thehub.com.au (smople.thehub.com.au [203.143.240.10]) by hub.freebsd.org (Postfix) with ESMTP id 672BE1576F for ; Wed, 29 Sep 1999 14:27:01 -0700 (PDT) (envelope-from richard@thehub.com.au) Received: from richard (pc228.internal.thehub.com.au [203.143.240.228]) by smople.thehub.com.au (8.9.3/8.9.1) with SMTP id HAA11299 for ; Thu, 30 Sep 1999 07:26:55 +1000 (EST) Reply-To: From: "Richard Uren" To: Subject: RE: Need Authoritative DHCP server ... Date: Thu, 30 Sep 1999 07:23:38 +1000 Message-ID: <000f01bf0ac0$e60132a0$e4f08fcb@thehub.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Nathan Mahon > Sent: Thursday, 30 September 1999 5:46 > To: Troy Settle; freebsd-isp@FreeBSD.ORG > Subject: RE: Need Authoritative DHCP server ... > > This is a good setup, however, I'm not sure that it has > anything to do with > the /*enforcment*/ part of my question. > I need something that will require that the dhcp lease match > the ip/mac > address of the outgoing packet before it will actually translate it... > I've got issues of users opting not to use DHCP and entering > in the numbers > manually.... this is not something I want to allow... > So ... i need to find something that will choose not to NAT > if the DHCP > lease doesn't match the originator of the packet. > Does this make any sense to anyone? If you lock down the IP to an ethernet address (using the 'arp' command) then they will effectively be unable to speak to your nat serevr to get any further .... would that help ? You can write a little script that locks an arp table based on your DHCP config - (requires : the DHCP config to contain the ethernet addresses) You also need something to fill the gaps in your arp table - If you'de like scripts for these then let me know. Cheers Richard To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message