ipfw2 deep packet filtering

Chuck Swiger cswiger at mac.com
Thu Aug 30 11:52:29 PDT 2007


On Aug 30, 2007, at 7:08 AM, Paul Bridger wrote:
> I would like to understand if it's possible to discover the real  
> MAC address of a packet that has been NAT'd by another device.

No.  You can only get the real MACs of devices by listening on the  
same subnet that the traffic originates from; once it passes through  
a router (with NAT enabled or not, doesn't matter), you only see the  
MAC of the device which passed that traffic along.

> The scenario for using this would be for hosts on a wireless LAN  
> that connect to a wireless router which NAT's their connection and  
> then routes the packets to another LAN (across a wire) where a  
> FreeBSD server performs firewall packet filtering via ipfw2.  As  
> all the connections from the hosts on the wireless LAN have had  
> their MAC and IP addresses NAT'd to that of the wireless router, it  
> is difficult to distinguish between hosts, unless some form of deep  
> packet inspection could be performed to discover the true MAC  
> address.  Is this something that would be possible with ipfw2?

Nope.  You'd need to do your firewall inspection on your wireless  
router, not on the FreeBSD box.

-- 
-Chuck
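An added illustration of the point made above, not part of the original thread or of ipfw: a small Ethernet/IPv4 frame builder and parser, plus a function that does what the wireless router does on each forwarded packet. All addresses, the frame contents and the helper names are constructed for the example. It shows that the client's MAC lives only in the Ethernet header of the wireless segment; the router strips that header and writes its own on the wired side, so the frame that reaches the FreeBSD box carries the router's MAC whether or not NAT also rewrote the source IP. Transport-layer (TCP/UDP) checksum fix-up, which a real NAT also performs, is left out because the sample payload has no transport header.

```python
import struct

# Constructed sample addresses (assumptions for this example, not from the thread).
CLIENT_MAC     = bytes.fromhex("020000aa0001")   # wireless host
ROUTER_LAN_MAC = bytes.fromhex("020000aa0002")   # wireless router, WLAN side
ROUTER_WAN_MAC = bytes.fromhex("020000aa0003")   # wireless router, wired side
FREEBSD_MAC    = bytes.fromhex("020000aa0004")   # FreeBSD ipfw box on the wire
CLIENT_IP      = "192.168.1.10"
ROUTER_WAN_IP  = "10.0.0.2"
SERVER_IP      = "10.0.0.1"
ETHERTYPE_IPV4 = b"\x08\x00"

def ip2b(s):
    return bytes(int(x) for x in s.split("."))

def b2ip(b):
    return ".".join(str(x) for x in b)

def ipv4_checksum(hdr):
    """RFC 791 one's-complement checksum over the IPv4 header bytes."""
    if len(hdr) % 2:
        hdr += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def build_ipv4(src, dst, payload, proto=253, ttl=64, ident=0x1234):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum.
    proto 253 is the RFC 3692 experimental number: no transport checksum to fix."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                      ttl, proto, 0, ip2b(src), ip2b(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def build_frame(dst_mac, src_mac, ip_packet):
    """Ethernet II: 6-byte dst MAC, 6-byte src MAC, 2-byte ethertype, payload."""
    return dst_mac + src_mac + ETHERTYPE_IPV4 + ip_packet

def parse_frame(frame):
    """What a layer-2 aware filter (e.g. ipfw with layer2 rules) can see on its wire."""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    return {
        "dst_mac": frame[:6], "src_mac": frame[6:12],
        "ethertype": frame[12:14],
        "ttl": ip[8], "proto": ip[9],
        "src_ip": b2ip(ip[12:16]), "dst_ip": b2ip(ip[16:20]),
        "payload": ip[ihl:],
    }

def forward(frame, in_mac, out_mac, next_hop_mac, nat_ip=None):
    """Router hop: drop the incoming Ethernet header, decrement TTL, optionally
    rewrite the source IP (NAT), fix the IPv4 checksum, and prepend a new
    Ethernet header for the outgoing segment. The original src MAC is gone."""
    if frame[:6] != in_mac or frame[12:14] != ETHERTYPE_IPV4:
        raise ValueError("frame not addressed to this router as IPv4")
    ip = bytearray(frame[14:])
    if ip[8] <= 1:
        raise ValueError("TTL expired")
    ip[8] -= 1
    if nat_ip is not None:
        ip[12:16] = ip2b(nat_ip)
    ihl = (ip[0] & 0x0F) * 4
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:ihl])))
    return build_frame(next_hop_mac, out_mac, bytes(ip))

def client_mac_visible(frame, client_mac):
    """Does the client's hardware address appear anywhere in this frame?"""
    return client_mac in frame

def demo():
    """Frame as sent on the WLAN, then as received on the wire, with and without NAT."""
    on_wlan = build_frame(ROUTER_LAN_MAC, CLIENT_MAC,
                          build_ipv4(CLIENT_IP, SERVER_IP, b"hello"))
    natted = forward(on_wlan, ROUTER_LAN_MAC, ROUTER_WAN_MAC, FREEBSD_MAC,
                     nat_ip=ROUTER_WAN_IP)
    routed = forward(on_wlan, ROUTER_LAN_MAC, ROUTER_WAN_MAC, FREEBSD_MAC)
    return on_wlan, natted, routed

if __name__ == "__main__":
    for name, f in zip(("wlan", "wired+nat", "wired"), demo()):
        p = parse_frame(f)
        print(name, p["src_mac"].hex(":"), p["src_ip"], "->", p["dst_ip"],
              "client MAC visible:", client_mac_visible(f, CLIENT_MAC))
```

Only the first frame, the one captured on the wireless segment, still contains the client's MAC; the filter on the wired side sees the router's MAC in both the NAT and plain-routing cases, and the IPv4 header has no field that could carry the original hardware address.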