Help in Ipguard setting



  • Hello everyone,

    I am using ipguard on pfsense 2.2.5. I want to have
    following setting for my Lan Network.

    192.168.7.10 –- 192.168.7.250  as dhcp with any mac id with restricted internet access.
    192.168.7.251--- 192.168.7.254  as mac bound with unrestricted internet access.

    However I am confused how should I write my ether file.

    192.168.7.1    e0:d0:dd:56:47:h8    my pfsense box
    192.168.7.251 e0:d0:d3:56:78:h9  superuser1
    192.168.7.252 e0:d0:d5:89:78:h8  superuser2
    192.168.7.253 e0:d1:d4:78:89:h1  superuser3
    192.168.7.254 e0:d1:d9:78:89:h1  superuser4
    ????????????  00:00:00:00:00:00  rest of users

    What should I write ?????????? so that ip addresses in the range
    192.168.7.10 to 192.168.7.250 are allowed with any macid.

    Is it ok if I do the entry in /etc/ethers as follows:

    192.168.7.10-192.168.7.250  00:00:00:00:00:00  rest of users

    Will it work ?

    Thank You for your help.

    with warm regards,
      Ashima



  • Hello,

    I am surprised I haven't got any reply. This is what I have thought as a solution ( may not be most appropriate one). I would be grateful if any one can guide me properly.

    To allow range 192.168.7.1 to 192.168.7.247 take any mac id, I am planning to add following entries in ether file:

    00:00:00:00:00:00    192.168.7.1/25    normal user
    00:00:00:00:00:00    192.168.7.127      normal user
    00:00:00:00:00:00    192.168.7.128/26  normal user
    00:00:00:00:00:00    192.168.7.191        normal user
    00:00:00:00:00:00    192.168.7.192/27  normal user
    00:00:00:00:00:00    192.168.7.223        normal user
    00:00:00:00:00:00    192.168.7.224/28  normal user
    00:00:00:00:00:00    192.168.7.239        normal user
    00:00:00:00:00:00    192.168.7.240/29  normal user
    00:00:00:00:00:00    192.168.7.247        normal user

    Then the entries for superusers as mentioned in previous post.

    Thank You,
    with regards,
    Ashima



  • i maybe wrong but why not try to use ALIAS and RULES ?

    Put these (192.168.7.10 –- 192.168.7.250  as dhcp with any mac id with restricted internet access.)  in a ALIAS.

    Create a ALIAS and a RULE that limits the inet acc to that ALIAS.
      https://doc.pfsense.org/index.php/Firewall_Rule_Basics  https://doc.pfsense.org/index.php/Aliases

    The other should flow unhindered as per default.

    These (192.168.7.251–- 192.168.7.254  as mac bound with unrestricted internet access. ) i assume u know how to with the mac addr part.



  • Hello Mr Mowgli,

    You are suggesting I should bind the mac-id with ip address for super user using dhcp server configuration. But when you bind mac id to a specific ip it is only set as preferred ip. That means any one can set their machine with ip from range 192.168.7.250 .192.168.7.254 and get unrestricted internet access. Whereas with ipguard once the macid is linked with an ip normal user cannot set their ip in that range. I guess I have made my point clear.

    Thank you
    Ashima