Help in Ipguard setting

ashima · Feb 18, 2016, 7:35 AM

Hello everyone,

I am using ipguard on pfsense 2.2.5. I want to have
following setting for my Lan Network.

192.168.7.10 –- 192.168.7.250 as dhcp with any mac id with restricted internet access.
192.168.7.251--- 192.168.7.254 as mac bound with unrestricted internet access.

However I am confused how should I write my ether file.

192.168.7.1 e0:d0:dd:56:47:h8 my pfsense box
192.168.7.251 e0:d0:d3:56:78:h9 superuser1
192.168.7.252 e0:d0:d5:89:78:h8 superuser2
192.168.7.253 e0:d1:d4:78:89:h1 superuser3
192.168.7.254 e0:d1:d9:78:89:h1 superuser4
???????????? 00:00:00:00:00:00 rest of users

What should I write ?????????? so that ip addresses in the range
192.168.7.10 to 192.168.7.250 are allowed with any macid.

Is it ok if I do the entry in /etc/ethers as follows:

192.168.7.10-192.168.7.250 00:00:00:00:00:00 rest of users

Will it work ?

Thank You for your help.

with warm regards,
Ashima

ashima · Feb 25, 2016, 6:41 AM

Hello,

I am surprised I haven't got any reply. This is what I have thought as a solution ( may not be most appropriate one). I would be grateful if any one can guide me properly.

To allow range 192.168.7.1 to 192.168.7.247 take any mac id, I am planning to add following entries in ether file:

00:00:00:00:00:00 192.168.7.1/25 normal user
00:00:00:00:00:00 192.168.7.127 normal user
00:00:00:00:00:00 192.168.7.128/26 normal user
00:00:00:00:00:00 192.168.7.191 normal user
00:00:00:00:00:00 192.168.7.192/27 normal user
00:00:00:00:00:00 192.168.7.223 normal user
00:00:00:00:00:00 192.168.7.224/28 normal user
00:00:00:00:00:00 192.168.7.239 normal user
00:00:00:00:00:00 192.168.7.240/29 normal user
00:00:00:00:00:00 192.168.7.247 normal user

Then the entries for superusers as mentioned in previous post.

Thank You,
with regards,
Ashima

Mowgli · Feb 25, 2016, 7:04 AM

i maybe wrong but why not try to use ALIAS and RULES ?

Put these (192.168.7.10 –- 192.168.7.250 as dhcp with any mac id with restricted internet access.) in a ALIAS.

Create a ALIAS and a RULE that limits the inet acc to that ALIAS.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics https://doc.pfsense.org/index.php/Aliases

The other should flow unhindered as per default.

These (192.168.7.251–- 192.168.7.254 as mac bound with unrestricted internet access. ) i assume u know how to with the mac addr part.

ashima · Feb 25, 2016, 10:55 AM

Hello Mr Mowgli,

You are suggesting I should bind the mac-id with ip address for super user using dhcp server configuration. But when you bind mac id to a specific ip it is only set as preferred ip. That means any one can set their machine with ip from range 192.168.7.250 .192.168.7.254 and get unrestricted internet access. Whereas with ipguard once the macid is linked with an ip normal user cannot set their ip in that range. I guess I have made my point clear.

Thank you
Ashima