ipfw with nat - allowing by MAC address
Julian Elischer
julian at elischer.org
Mon Apr 23 19:59:38 UTC 2007
Lubomir Georgiev wrote:
> I'd like to thank all the people who replied to the thread I started. Your
> help has been invaluable. The reason I didn't immediately respond to Jao is
> that I wanted to make sure I wasn't mistaken - I was sure that IPFW + NAT +
> MAC address filtering in a single box was possible because I had seen it
> with my own two eyes. I just didn't take the time to see the ruleset then. I
> was going there in a couple of days and was going to shed some light on the
> subject but it turns out I don't need to - Patrick and Julian have backed me
> up.
>
> I am going to try out what you've recommended and post the results. Once
> again thanks for all your efforts and Jao please do try not to go all "high
> and mighty" over others seeking help when what we really want is one and the
> same thing - to help each other, and that I think is the purpose of this
> list.
>
> So, I'll keep you posted.
>
As I posted, I think you can use keep-state to pass state between
layer 2 and layer 3 instances of the firewall.
The trick is to remember that "check-state" just re-runs the rule that
had the original keep-state, and that that rule can be almost anything, including
a skipto.