On 1/16/2017 12:44 AM, Rob Kampen wrote: >> > Here's an idea - untested. > set up a network on the single nic - say 192.168.55.xx/24 > set up the dhcp to offer leases from a subset of this network - say > 192.168.55.128/28 > set up fixed leases based upon mac address from the remainder of the > network - i.e. outside the subset above - e.g. 192.168.55.1/28 > then route / firewall as required - i.e. trusted known mac address > hence IP address allowed vs unknown guest given an IP address we can > block or otherwise handle. > As indicated, this is not tested but if memory serves, dhcpd will > allow this kind of allocation. the untrusted wireless users will be able to access other LAN machines without going through the firewall. -- john r pierce, recycling bits in santa cruz