Subject: Re: [netatalk-admins] how do you restrict netatalk by ip address?
From: Mark Donnelly (mark@coe.missouri.edu)
Date: Tue Jul 28 1998 - 13:45:25 EDT
On Tue, 28 Jul 1998, Steven Bonneville wrote:
>
> Who says the Mac even *has* an IP address? As Tony Stuckey pointed out,
> DDP is not an IP protocol. Look at the README file that comes with the
> source to see a diagram of the network stack. DDP and IP both sit on
> top of the Ethernet layer.
Quite true! Hear, hear!
However...
It would take either writing a new utility or re-writing arp, but if you
could grab the given computer's hardware ethernet address (which *MUST* be
transmitted with *EVERY* packet), and then compare that to a list
generated by arp (esp. after pinging the broadcast address), then you
might be able to discover the correct IP address.
A possible session might be:
[root@yourbox]# atarp -a #This is for appletalk arp, aarp
Address HWtype HWaddress Flags Mask Iface
831.150 eth 00:A0:24:FF:1C:B1 C * eth0
831.135 eth 00:A0:24:FF:67:2B C * eth0
831.79 eth 00:A0:24:FF:A4:26 C * eth0
831.12 eth 00:A0:24:FF:92:E7 C * eth0
[root@yourbox]# ping 10.0.2.0
.
.
.
[root@yourbox]# arp -a | grep "00:A0:24:FF:92:E7"
Address HWtype HWaddress Flags Mask Iface
10.0.2.1 eth 00:A0:24:FF:92:E7 C * eth0
NB:
*THIS UTILITY DOES NOT CURRENTLY EXIST!!!!*
I'm only giving this as a possibility. This would also necessitate
a couple of things:
* The computer in question would, as Steven pointed out, have to
have its TCP/IP networking turned on.
* You would need, in all likelihood, both a kernel patch and a
new utility -- which I called atarp here.
But, if you wrote both of the above, it would be possible to get *some* of
the IP addresses of the clients connecting over DDP. Some.
FWIW,
--Mark
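
The correlation sketched in the session above, as an added example that is not part of the original post: join an AppleTalk (AARP) table to the IP ARP table on the hardware address. It assumes the hypothetical atarp utility prints the same columns as arp; the sample tables are constructed from the session, plus two constructed ARP lines (an unpadded lower-case MAC and an incomplete entry).

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$")

# Constructed sample input. "atarp" is hypothetical (the post says it does
# not exist); its output format is assumed to match arp's.
AARP_TABLE = """\
Address HWtype HWaddress Flags Mask Iface
831.150 eth 00:A0:24:FF:1C:B1 C * eth0
831.135 eth 00:A0:24:FF:67:2B C * eth0
831.79 eth 00:A0:24:FF:A4:26 C * eth0
831.12 eth 00:A0:24:FF:92:E7 C * eth0
"""
ARP_TABLE = """\
Address HWtype HWaddress Flags Mask Iface
10.0.2.1 eth 00:A0:24:FF:92:E7 C * eth0
10.0.2.7 eth 0:a0:24:ff:67:2b C * eth0
10.0.2.9 (incomplete) eth0
"""

def normalize_mac(mac):
    """Canonical form: lower case, two hex digits per octet."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_table(text):
    """Return {mac: [address, ...]}; the header and incomplete rows are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not MAC_RE.match(fields[2]):
            continue
        table.setdefault(normalize_mac(fields[2]), []).append(fields[0])
    return table

def correlate(aarp_text, arp_text):
    """Map each AppleTalk address to the IPs cached for the same MAC.

    An empty list means no IP was seen (TCP/IP off, or the host never
    answered). ARP entries are unauthenticated, so treat a match as a
    hint about the client, not as proof of its identity.
    """
    arp = parse_table(arp_text)
    result = {}
    for mac, ddp_addrs in parse_table(aarp_text).items():
        for ddp in ddp_addrs:
            result[ddp] = sorted(arp.get(mac, []))
    return result

if __name__ == "__main__":
    for ddp, ips in correlate(AARP_TABLE, ARP_TABLE).items():
        print(ddp, "->", ", ".join(ips) or "no IP seen")
```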
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:33:00 EST