Binding MAC to IP Statically

Lowell Gilbert freebsd-questions-local at be-well.no-ip.com
Mon Sep 8 06:14:12 PDT 2003


thor at telecom.sarkor.uz (Timur) writes:

> no, it doesn't..  what it does - establishing static mapping from IP to
> MAC address..  Now I'm facing the same problem as original poster - how
> can I prevent users from changing their IP address to some other (from
> the same subnet)?..  Let's say I have a network 192.168.1.0/24.. I have
> few users - 192.168.1.{3,4,5}..  How can I prevent one user from
> changing his ip from 192.168.1.3 to 192.168.1.5?  Now I see only one
> solution - use 'arp' command to statically assign MACs to used IP
> addresses and block traffic to unused IP addresses, but this looks a
> little ugly :)  What I'd like to is to be able to assign unused IP
> addresses to some 'invalid' MAC address, so that my router responds with
> 'host unreachable' to incoming packets destined to these addresses..

Yeah, that's true.  My approach is to explicitly firewall off all of
the unused addresses.

> but.. there would be a tradeoff between having a large arp table and
> lot's of firewall rules.

Somewhat, but less than you'd think.  You need ARP entries for all of
the in-use addresses, anyway.  What I do on my own network is to keep
the subnet as small as possible, to minimize the number of unused
addresses.  


More information about the freebsd-questions mailing list