The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
FreeBSD Support
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 ipfw (MAC addresses)
Author: Isaac 
Date:   17-12-02 03:51

I've blocked certain incoming access to my home network using ipfw. The thing is I only want to deny access to certain machines on the network. Is there a way that I can use the MAC address of a specific nic card on my network and block access to only that machine?

Reply To This Message
 Re: ipfw (MAC addresses)
Author: .daniel.schrock 
Date:   17-12-02 05:26

unfortunately, the only real way to do that is unplug the machine you want to block... MAC addresses can be changed rather easily...

you could set up a dhcp server and distribute a bad gateway, but that could be easily bypassed as well...

if this is still regarding the gambling roommate, I would seriously look into a proxy... put the proxy on a system that has access and give it another nic on another subnet... don't nat that subnet. the system that gets 'blocked' has an address on that new subnet and only has access to the proxy itself... then filter as much as you want...

Reply To This Message
 Re: ipfw (MAC addresses)
Author: Isaac 
Date:   17-12-02 16:31

This is regarding the gambling roomate :) I have managed to block the client and the website which he was using. The thing is another roomate claims that he wants to play the same games for "fun". This proxy solution would allow me to block access to one machien and allow acces to another? I'll read up on it and if I can't figure it out you'll be sure to see another post. Thanks again for the help.

Reply To This Message
 Re: ipfw (MAC addresses)
Author: .daniel.schrock 
Date:   17-12-02 18:30

here is how i am envisioning it: (pardon the lousy ascii art)

| pub addr
| proxy- subnet B|-----------|
| | |
| NAT- subnet A | |
|----------------| --------
| private subnet B -(the gambler's system)
private subnet A
(all of the your systems)

Reply To This Message
 Re: ipfw (MAC addresses)
Author: .daniel.schrock 
Date:   17-12-02 18:37

hrmm... white space is filtered... is an explanation instead, using 1 system with 3 nics.
fxp0 = public subnet
dc0 = private subnet A
dc1 = private subnet B

nat fxp0 to dc0, then assign to the systems that you want to have direct access to the net.

do not nat to dc1, give your gambling buddy address and connect him to dc1 via crossover cable.

use squid on the server to allow him to surf safe sites, while you have free reign to do whatever you want via NAT.

Reply To This Message
 Re: ipfw (MAC addresses)
Author: Dan Larsson 
Date:   26-12-02 14:48

If you want to block by MAC address, you need to enable IPFW2.
But as mentioned in this thread the MAC address can easily be


Reply To This Message
 Re: ipfw (MAC addresses)
Author: Isaac 
Date:   08-01-03 05:28

The people I'm dealing with here don't even know what a MAC address is. Thanks thogh I'll read up on IPFW2.

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 

 User Login
 User Name:
 Remember my login:
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum