Re: static ARP
From: Alexei Evdokimov (alexei_at_pptus.ru)
Date: 09/26/03
- Previous message: Alexei Evdokimov: "Re: static ARP"
- In reply to: Alexei Evdokimov: "Re: static ARP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 26 Sep 2003 11:08:05 +0400 (MSD) To: freebsd-isp@freebsd.org
On Fri, 26 Sep 2003, Alexei Evdokimov wrote:
> > I was thinking about the following scenario. I have one interface in my
> > BSD router that serves a private network.
> >
> > Is it possible to disable ARP on that interface and make static ARP
> > entries on router? I'm looking for a way to allow only certain MAC
> > addresses to access via this interface. I do know it's only false
> > security, but it would prevent people adding easily unauthorized
> > computers. And since there are only about 10 comps in this particular
> > network, maintaining static ARP entries would not be worksome.
> >
> > I would not like to get into bridging if this works.
>
> Parameter -arp will disable ARP on the interface:
>
> ifconfig ... -arp
>
> To set static ARP table write authorized pairs ip:mac in a file
> and load it it in the table:
>
> arp -f file
Unfortunatly with -arp parameter the router won't reply to ARP
request about his address so you need to manually add ARP record
about the router to each host's ARP table or you can try Ruslan
Ermilov's patch (posted in freebsd security list a couple days
ago) which solve this problem.
-- Alexei Evdokimov alexei@pptus.ru _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Alexei Evdokimov: "Re: static ARP"
- In reply to: Alexei Evdokimov: "Re: static ARP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
