Help in Ipguard setting

ashima

Hello everyone,

I am using ipguard on pfsense 2.2.5. I want to have
following setting for my Lan Network.

192.168.7.10 –- 192.168.7.250  as dhcp with any mac id with restricted internet access.
192.168.7.251--- 192.168.7.254  as mac bound with unrestricted internet access.

However I am confused how should I write my ether file.

192.168.7.1    e0:d0:dd:56:47:h8    my pfsense box
192.168.7.251 e0:d0:d3:56:78:h9  superuser1
192.168.7.252 e0:d0:d5:89:78:h8  superuser2
192.168.7.253 e0:d1:d4:78:89:h1  superuser3
192.168.7.254 e0:d1:d9:78:89:h1  superuser4
????????????  00:00:00:00:00:00  rest of users

What should I write ?????????? so that ip addresses in the range
192.168.7.10 to 192.168.7.250 are allowed with any macid.

Is it ok if I do the entry in /etc/ethers as follows:

192.168.7.10-192.168.7.250  00:00:00:00:00:00  rest of users

Will it work ?

Thank You for your help.

with warm regards,
  Ashima

ashima

Hello,

I am surprised I haven't got any reply. This is what I have thought as a solution ( may not be most appropriate one). I would be grateful if any one can guide me properly.

To allow range 192.168.7.1 to 192.168.7.247 take any mac id, I am planning to add following entries in ether file:

00:00:00:00:00:00    192.168.7.1/25    normal user
00:00:00:00:00:00    192.168.7.127      normal user
00:00:00:00:00:00    192.168.7.128/26  normal user
00:00:00:00:00:00    192.168.7.191        normal user
00:00:00:00:00:00    192.168.7.192/27  normal user
00:00:00:00:00:00    192.168.7.223        normal user
00:00:00:00:00:00    192.168.7.224/28  normal user
00:00:00:00:00:00    192.168.7.239        normal user
00:00:00:00:00:00    192.168.7.240/29  normal user
00:00:00:00:00:00    192.168.7.247        normal user

Then the entries for superusers as mentioned in previous post.

Thank You,
with regards,
Ashima

Mowgli

i maybe wrong but why not try to use ALIAS and RULES ?

Put these (192.168.7.10 –- 192.168.7.250  as dhcp with any mac id with restricted internet access.)  in a ALIAS.

Create a ALIAS and a RULE that limits the inet acc to that ALIAS.
  https://doc.pfsense.org/index.php/Firewall_Rule_Basics  https://doc.pfsense.org/index.php/Aliases

The other should flow unhindered as per default.

These (192.168.7.251–- 192.168.7.254  as mac bound with unrestricted internet access. ) i assume u know how to with the mac addr part.

ashima

Hello Mr Mowgli,

You are suggesting I should bind the mac-id with ip address for super user using dhcp server configuration. But when you bind mac id to a specific ip it is only set as preferred ip. That means any one can set their machine with ip from range 192.168.7.250 .192.168.7.254 and get unrestricted internet access. Whereas with ipguard once the macid is linked with an ip normal user cannot set their ip in that range. I guess I have made my point clear.

Thank you
Ashima