ipfw2 deep packet filtering
Andrey V. Elsukov
bu7cher at yandex.ru
Thu Aug 30 12:35:27 PDT 2007
Hi,
> I'm trying to solve a problem with ipfw2, so would be grateful for help
> from anyone on the list with moving things forward.
This is not an ipfw problem.
> I would like to understand if it's possible to discover the real MAC
> address of a packet that has been NAT'd by another device. The scenario
> for using this would be for hosts on a wireless LAN that connect to a
> wireless router which NATs their connection and then routes the packets
> to another LAN (across a wire) where a FreeBSD server performs firewall
> packet filtering via ipfw2. As all the connections from the hosts on
> the wireless LAN have had their MAC and IP addresses NAT'd to that of
> the wireless router, it is difficult to distinguish between hosts,
> unless some form of deep packet inspection could be performed to
> discover the true MAC address. Is this something that would be possible
> with ipfw2?
There is no way to discover this information. Maybe you can parse
some specific protocols that contain MAC addresses within packets.
But this is hard and doesn't give 100% results.
The right way, IMHO, is VPN connections between wireless clients and
the FreeBSD server.
--
WBR, Andrey V. Elsukov
More information about the freebsd-ipfw
mailing list