[EMAIL PROTECTED] (Timur) writes:

> no, it doesn't..  what it does - establishing static mapping from IP to
> MAC address..  Now I'm facing the same problem as original poster - how
> can I prevent users from changing their IP address to some other (from
> the same subnet)?..  Let's say I have a network 192.168.1.0/24.. I have
> few users - 192.168.1.{3,4,5}..  How can I prevent one user from
> changing his ip from 192.168.1.3 to 192.168.1.5?  Now I see only one
> solution - use 'arp' command to statically assign MACs to used IP
> addresses and block traffic to unused IP addresses, but this looks a
> little ugly :)  What I'd like is to be able to assign unused IP
> addresses to some 'invalid' MAC address, so that my router responds with
> 'host unreachable' to incoming packets destined to these addresses..

Yeah, that's true.  My approach is to explicitly firewall off all of
the unused addresses.

> but.. there would be a tradeoff between having a large arp table and
> lots of firewall rules.

Somewhat, but less than you'd think.  You need ARP entries for all of
the in-use addresses, anyway.  What I do on my own network is to keep
the subnet as small as possible, to minimize the number of unused
addresses.  
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
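
The approach discussed in this message (static ARP entries for the in-use addresses, firewall rules for every unused one) can be generated from a single IP-to-MAC list. The script below is an added example, not part of the original thread. It assumes ipfw as the firewall (the thread does not name one), a /24 subnet with the router on .1, and made-up MAC addresses; `gen_lockdown` and `IN_USE` are hypothetical names. It only prints the commands, it does not run them.

```shell
#!/bin/sh
# Added example: emit (not execute) static-ARP and firewall commands for a /24.
# Constructed sample data: the MAC addresses below are made up.
IN_USE='192.168.1.3 00:11:22:33:44:03
192.168.1.4 00:11:22:33:44:04
192.168.1.5 00:11:22:33:44:05'

# gen_lockdown PREFIX ROUTER_OCTET MAP
#   PREFIX       first three octets of the /24, e.g. 192.168.1
#   ROUTER_OCTET last octet of the router's own address (skipped)
#   MAP          newline-separated "ip mac" pairs for in-use hosts
gen_lockdown() {
    prefix=$1
    router=$2
    map=$3
    i=1
    while [ "$i" -le 254 ]; do
        ip="$prefix.$i"
        # Look up the MAC registered for this address, if any.
        mac=$(printf '%s\n' "$map" |
              awk -v ip="$ip" '$1 == ip { print $2; exit }')
        if [ "$i" -eq "$router" ]; then
            :   # the router's own address gets neither kind of entry
        elif [ -n "$mac" ]; then
            # In-use address: pin it to its registered MAC.
            echo "arp -s $ip $mac"
        else
            # Unused address: drop traffic to and from it
            # (ipfw is an assumption; adapt to the firewall in use).
            echo "ipfw add deny ip from any to $ip"
            echo "ipfw add deny ip from $ip to any"
        fi
        i=$((i + 1))
    done
}

gen_lockdown 192.168.1 1 "$IN_USE"
```

With three hosts in a /24 this prints 3 ARP commands and 500 firewall rules, which is the tradeoff the message addresses by keeping the subnet small.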
