Date: Thu, 30 Sep 1999 07:23:38 +1000 From: "Richard Uren" <richard@thehub.com.au> To: <freebsd-isp@FreeBSD.ORG> Subject: RE: Need Authoritative DHCP server ... Message-ID: <000f01bf0ac0$e60132a0$e4f08fcb@thehub.com.au> In-Reply-To: <NDBBIOANCLGLNFOCLGEOKEEJCBAA.nathanm@socket.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Nathan Mahon > Sent: Thursday, 30 September 1999 5:46 > To: Troy Settle; freebsd-isp@FreeBSD.ORG > Subject: RE: Need Authoritative DHCP server ... > > This is a good setup, however, I'm not sure that it has > anything to do with > the /*enforcment*/ part of my question. > I need something that will require that the dhcp lease match > the ip/mac > address of the outgoing packet before it will actually translate it... > I've got issues of users opting not to use DHCP and entering > in the numbers > manually.... this is not something I want to allow... > So ... i need to find something that will choose not to NAT > if the DHCP > lease doesn't match the originator of the packet. > Does this make any sense to anyone? If you lock down the IP to an ethernet address (using the 'arp' command) then they will effectively be unable to speak to your nat serevr to get any further .... would that help ? You can write a little script that locks an arp table based on your DHCP config - (requires : the DHCP config to contain the ethernet addresses) You also need something to fill the gaps in your arp table - If you'de like scripts for these then let me know. Cheers Richard To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000f01bf0ac0$e60132a0$e4f08fcb>