 
 From:  "Mohammed Ismail" <m dot ismael at gmail dot com>
 To:  "'Chris Buechler'" <cbuechler at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Beta 1.3b17 released
 Date:  Mon, 17 Aug 2009 09:22:19 +0300
Chris wrote:

"Windows doesn't care about it, if it can ARP the IP, it'll use it as
its gateway. Other OSes will not do this, your network will not be
usable with FreeBSD for sure (it refuses to add a clearly invalid
default gateway), and likely others as well. It's ugly, don't do it.
It's not solving anything you think it might be solving. Your biggest
issue with internal untrusted clients is going to be ARP poisoning
(whether done in an automated fashion by malware on user's PCs or by
an attacker), which this isn't going to do anything to address, and is
one example of many of why you need a real solution here. Because the
problem is inside your network"

Let us say I used MikroTik RouterOS; it does something there inside the
network. I did not fully understand what it does, but it is done by assigning
a /32 subnet mask, and with an optional gateway other than the LAN IP.
I know this is silly, every time I come with a strange thing; I just saw it.
What I am thinking of is that ISC DHCP can assign a static route for a client.
And many so found on
http://www.freebsd.org/cgi/man.cgi?query=dhcp-options&apropos=0&sektion=5&manpath=FreeBSD+6.4-RELEASE&format=html
I am talking about 
option subnet-mask ip-address;
	     The subnet-mask option specifies the client's subnet mask as per
	     RFC 950.  If no subnet-mask option is provided anywhere in scope,
	     as a last resort dhcpd(8) will use the subnet mask from the
	     subnet declaration for the network on which an address is being
	     assigned.  However, any subnet-mask option declaration that is in
	     scope for the address being assigned will override the subnet
	     mask specified in the subnet declaration.


=======================
"m0n0wall isn't part of the solution as
it can't control these things (aside from the likely infeasible option
of splitting each user onto their own VLAN trunked to m0n0wall"

