ipfw2 deep packet filtering

Andrey V. Elsukov bu7cher at yandex.ru
Thu Aug 30 12:35:27 PDT 2007


Hi, 

> I'm trying to solve a problem with ipfw2, so would be grateful for help 
> from anyone on the list with moving things forward.

This is not an ipfw problem.

> I would like to understand if it's possible to discover the real MAC 
> address of a packet that has been NAT'd by another device.  The scenario 
> for using this would be for hosts on a wireless LAN that connect to a 
> wireless router which NAT's their connection and then routes the packets 
> to another LAN (across a wire) where a FreeBSD server performs firewall 
> packet filtering via ipfw2.  As all the connections from the hosts on 
> the wireless LAN have had their MAC and IP addresses NAT'd to that of 
> the wireless router, it is difficult to distinguish between hosts, 
> unless some form of deep packet inspection could be performed to 
> discover the true MAC address.  Is this something that would be possible 
> with ipfw2?

There is no way to discover this information. Maybe you can parse 
some specific protocols that contain MAC addresses within packets, 
but this is hard and doesn't give 100% results.
The right way, IMHO, is VPN connections between the wireless clients and 
the FreeBSD server.

--
WBR, Andrey V. Elsukov
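An added illustration of the point made in the reply above (example code written for this page, not part of the original thread or of ipfw): a client frame is built, passed through the address rewriting a NAT router performs on its wired side, and then searched byte by byte for the client's MAC, which is the most any "deep inspection" on the FreeBSD box could do. For ordinary traffic the search finds nothing, because the original Ethernet header never leaves the wireless segment. The second case shows the partial exception the reply mentions, a protocol that carries the hardware address inside its own payload (BOOTP/DHCP's chaddr field): the MAC is recoverable there, but only for that protocol, only if something forwards the message across the router, and only as long as the client puts its real address in the field. All MAC addresses, IP addresses, ports and payloads are constructed for the example.

```python
"""Added example: why a NAT'd frame no longer carries the client MAC, and why
payload parsing recovers it only for protocols that embed it (DHCP chaddr).
Every address and payload here is made up for illustration."""
import struct

def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))

def ip_bytes(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))

def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Ethernet II + IPv4 + UDP frame (UDP checksum 0, which IPv4 allows)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0,
                         64, 17, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip_hdr + udp

def nat_rewrite(frame: bytes, router_lan_mac, next_hop_mac, public_ip, new_sport) -> bytes:
    """What a NAT router emits on its wired interface: fresh L2 addresses for
    that hop, the router's public IP and a new source port, checksum redone.
    The wireless-side Ethernet header was consumed on receipt; it is gone."""
    ip_off = 14
    ihl = (frame[ip_off] & 0x0F) * 4
    ip_hdr = bytearray(frame[ip_off:ip_off + ihl])
    ip_hdr[12:16] = ip_bytes(public_ip)
    ip_hdr[10:12] = b"\x00\x00"
    ip_hdr[10:12] = struct.pack("!H", ip_checksum(bytes(ip_hdr)))
    udp = bytearray(frame[ip_off + ihl:])
    udp[0:2] = struct.pack("!H", new_sport)
    return mac_bytes(next_hop_mac) + mac_bytes(router_lan_mac) + b"\x08\x00" + bytes(ip_hdr) + bytes(udp)

def mac_offsets(frame: bytes, mac: str) -> list:
    """Exhaustive 'deep inspection': every offset where the 6-byte MAC occurs
    anywhere in the frame, headers or payload."""
    needle = mac_bytes(mac)
    return [i for i in range(len(frame) - 5) if frame[i:i + 6] == needle]

def build_dhcp_discover(client_mac: str) -> bytes:
    """Minimal BOOTREQUEST (RFC 2131 fixed fields), magic cookie, Discover option."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0xDEADBEEF, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                        mac_bytes(client_mac), b"\0" * 64, b"\0" * 128)
    return fixed + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"

def dhcp_chaddr(udp_payload: bytes) -> str:
    """chaddr sits at offset 28 of a BOOTP message; hlen (offset 2) gives its length."""
    hlen = udp_payload[2]
    return ":".join("%02x" % b for b in udp_payload[28:28 + hlen])

# Constructed addresses for the scenario in the question.
CLIENT_MAC = "00:11:22:33:44:55"        # wireless client
ROUTER_WLAN_MAC = "aa:bb:cc:00:00:00"   # router, wireless side
ROUTER_LAN_MAC = "aa:bb:cc:00:00:01"    # router, wired side (what ipfw sees)
SERVER_MAC = "de:ad:be:ef:00:02"        # FreeBSD box

def demo_plain_udp():
    """Ordinary traffic: client MAC is at offset 6 before NAT, nowhere after."""
    before = build_frame(CLIENT_MAC, ROUTER_WLAN_MAC, "192.168.1.10", "10.0.0.5",
                         40000, 53, b"query")
    after = nat_rewrite(before, ROUTER_LAN_MAC, SERVER_MAC, "10.0.0.1", 61000)
    return mac_offsets(before, CLIENT_MAC), mac_offsets(after, CLIENT_MAC)

def demo_dhcp():
    """Payload that embeds the MAC: survives the hop (if something forwards it),
    found at offset 14+20+8+28 = 70 and parsed back out of chaddr."""
    before = build_frame(CLIENT_MAC, "ff:ff:ff:ff:ff:ff", "0.0.0.0", "255.255.255.255",
                         68, 67, build_dhcp_discover(CLIENT_MAC))
    after = nat_rewrite(before, ROUTER_LAN_MAC, SERVER_MAC, "10.0.0.1", 68)
    return mac_offsets(after, CLIENT_MAC), dhcp_chaddr(after[14 + 20 + 8:])

if __name__ == "__main__":
    print("plain UDP  (before, after):", demo_plain_udp())
    print("DHCP       (offsets, chaddr):", demo_dhcp())
```

The first result is the whole answer to the question: once the router has rebuilt the frame for the wired segment, the bytes ipfw can match on simply do not contain the client's address, so no rule or inspection on the FreeBSD side can get it back. The second result is why payload parsing is at best partial: it works for one protocol, the field is client-supplied and trivially spoofable, and most traffic from the clients (web, mail, the DNS query above) carries no such field at all, which is the reason the reply points at per-client VPN tunnels instead.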

