Help ….



  • hello everyone
    (""sorry for my poor English"")
    actually I have a small wired  network working with mikrotik 
    I was thinking to try anther server such as pfsense
    I don't know if It's better than mikrotik OR not but any way I want to give it a try
    I wanne ask if I can do these thing with using this server

    1/ adding a client with specific mac and IP
    2/ merging 2 ISP lines to gether
    3/ limit clients internet speed
    4/ disable spoofing programs such as (netcut…..etc)
    5/what about MAC Vulnerability

    sorry I'm a beginner in networking
    I just want do the basics setting to run the server
    don't want these complicated  nomenclature  :(
    just basic stuff and ThanQ any way



  • well ….
            Is there is any Thing wrong with my question  ..
                      can Any body explain Please ..



  • views views and no replies  :))

    Is there is any thing wrong with my question

    I just need to limit Users speed + merging 2 or more ISP Connection .

    that's all just very basic to run the Pfsense and then I'll try other functions ??

    that's all  can any one tell me how to do it Please !!

    I'll be very grateful ..





  • sure man I have such Book explain every thing but the problem IS  I don't understand I think it is complicated  :))



  • @elshentenawy:

    sure man I have such Book explain every thing but the problem IS  I don't understand I think it is complicated  :))

    If it is difficult for you, try looking through commercial support https://portal.pfsense.org/


  • Netgate Administrator

    1. You mean static DHCP leases? Yes.
    2. Multi-WAN load balancing. Yes.
    3. Yes, there are multiple traffic shaping options.
    4. Not too sure you can do much about that at the router. Arpwatch maybe?
    5. I don't know what you mean by this. You're the second person asking about 'mac vulnerability' coming from Mikrotik is it a recent development?

    Hope this helps you a little.

    Steve

    Edit: My mistake you're the same person!



  • @elshentenawy:

    I wanne ask if I can do these thing with using this server

    1/ adding a client with specific mac and IP
    2/ merging 2 ISP lines to gether
    3/ limit clients internet speed
    4/ disable spoofing programs such as (netcut…..etc)
    5/what about MAC Vulnerability

    1/ yes
    2/ yes
    3/ yes (traffic shaper)
    4/ no - can't be done in router, you need appropriate functionality in your managed switch
    5/ ??? what is it?


  • Netgate Administrator

    Hmm after more reading.
    4. Netcut is a tool that performs an arp spoofing attack on local subnet machines that redirects traffic intended for the subnet gateway into a black hole.
    Using Arpwatch, for which there is a pfSense package, you could see who on the network is doing this and then physically disconnect them / beat them with a stick etc!  :P

    I'm not sure whether or not there might be tool to detect ARP spoofing automatically but even if there was there's not much you can do about it at the router other than logging.  :-\ Anyone?

    Steve



  • well thanQ for answering my questions

    well if the server cann't disable spoofing this makes quit abig problem for me actually
    what is manged switch ?? how can I get one ,,,,
    "MAC Vulnerability" is mikrotik weakness point using it people on your network can access any others accouns


  • Netgate Administrator

    Do you have a big problem with arp spoofing then? What sort of network are you using this in?

    @http://en.wikipedia.org/wiki/Network_switch#Configuration_options:

    Managed switches — These switches have one or more methods to modify the operation of the switch

    You can connect to the switch configure it for your network. Typically you might use VLANs or QoS options.
    Some such switched have:

    MAC filtering and other types of "port security" features which prevent MAC flooding

    In order to prevent an arp spoofing attack you need to stop a malicious client machine sending out arp packets announcing that the gateway IP has changed MAC address. Or at least prevent those packets reaching your other clients. The only way to do this is at layer 2, typically the switch. You set the switch to filter and arp announcements for the gateway IP other than the correct MAC which you have set.

    I'm still not sure what you mean by MAC Vulnerability. Do you have a link to the Mikrotik forum explaining it? It sounds like possibly you are referring to a paid access captive portal arrangement. Clients spoof their MAC address in order to get access that someone alse has paid for. Is that it?

    Steve


Log in to reply