i can't block win98 computers

Andrew L. Gould algould at datawok.com
Mon Aug 15 22:38:02 GMT 2005


On Mon, 15 Aug 2005 17:19:49 -0400
Hornet <hornetmadness at gmail.com> wrote:

> On 8/15/05, vladone <vladone at spaingsm.com> wrote:
> > Hi!
> > I try to block some computers from accessing my gateway based on MAC
> > address.
> > I use this ipfw rule:
> >   ipfw add 100 deny mac any xx:yy:aa:bb:cc:dd in via $private_interface
> > With this I can block XP computers, but it does not work
> > with Win98. I don't understand what is happening!
> > I tried against different computers with Win98 OS and I can't block them.
> > Only messenger is blocked, but navigation works well. Computers with
> > WinXP OS are blocked successfully.
> > I believe there is a problem with TCP packets coming from Win98
> > computers, but I don't know how I can resolve this.
> 
> IIRC, 98 had a hacked down version of the TCP/IP stack as opposed to the
> normal unix stack.
> Although I don't think this would be an issue, as 98 boxes would not
> be able to use any type of switch if the TCP/IP stack did not have
> some type of MAC header in it.
> 
> Clear your arp table and look to see if you get an arp address for
> the 98 boxes. You might find that you have a typo in the address, or
> pull the MAC right off the card itself.

If you're trying to keep Win98 computers off the internet without
blocking them from the internal network, you could try manually
configuring their NICs with an internal, nonexistent name
server. Technically, they would have access to the internet; but
without actual IP addresses, non-savvy users would think that
access to the internet is blocked.  (Savvy users could just change
the configuration.) Would this accomplish your goal?  (Do you have
savvy users?)

I have one WinXP computer that's configured this way.  It can still
access shared directories and printers on the local network.

Andrew Gould
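
Added example, not part of the original thread: the ARP-table check suggested in the quoted reply, as a POSIX sh sketch that normalizes the MAC used in the ipfw rule (Windows tools such as ipconfig print it with dashes and uppercase hex) and compares it with the entry for that host. The function names, addresses and ARP lines are constructed for illustration; the input format assumed is that of `arp -an` on FreeBSD.

```shell
#!/bin/sh
# Added example: compare the MAC used in an ipfw rule with the ARP table.
# SAMPLE_ARP is constructed data in the format of FreeBSD "arp -an".
SAMPLE_ARP='? (192.168.0.23) at 02:00:5e:10:20:30 on fxp1 [ethernet]
? (192.168.0.24) at 02:00:5e:10:20:31 on fxp1 [ethernet]
? (192.168.0.99) at (incomplete) on fxp1 [ethernet]'

# Normalize a MAC to lowercase aa:bb:cc:dd:ee:ff; fails on malformed input.
norm_mac() {
    printf '%s\n' "$1" | tr 'ABCDEF-' 'abcdef:' | awk -F: '
        NF != 6 { exit 1 }
        {
            out = ""; sep = ""
            for (i = 1; i <= 6; i++) {
                o = $i
                if (o !~ /^[0-9a-f][0-9a-f]?$/) exit 1
                if (length(o) == 1) o = "0" o   # restore a dropped leading zero
                out = out sep o; sep = ":"
            }
            print out
        }'
}

# Print the MAC recorded for IP $1; reads "arp -an" output on stdin.
arp_mac_for() {
    awk -v ip="($1)" '$2 == ip && $3 == "at" { print $4; exit }'
}

# check_rule_mac IP RULE_MAC, ARP table on stdin.
# Prints: match | mismatch <arp-mac> | no-arp-entry | bad-rule-mac
check_rule_mac() {
    want=$(norm_mac "$2") || { echo "bad-rule-mac"; return 0; }
    have=$(norm_mac "$(arp_mac_for "$1")") || { echo "no-arp-entry"; return 0; }
    if [ "$want" = "$have" ]; then echo "match"; else echo "mismatch $have"; fi
}

# Demo on the constructed table: the second rule MAC has a one-digit typo.
for pair in "192.168.0.23 02-00-5E-10-20-30" "192.168.0.24 02:00:5e:10:20:37"; do
    set -- $pair
    printf '%s %s -> %s\n' "$1" "$2" \
        "$(printf '%s\n' "$SAMPLE_ARP" | check_rule_mac "$1" "$2")"
done
```

On a live gateway the table would come from `arp -an | check_rule_mac <ip> <mac>` in place of the sample variable.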


More information about the freebsd-questions mailing list