ipfw2 mac address matching weirdness?
Andy Gilligan
andy at evo6.org
Sat Aug 2 19:03:01 PDT 2003
On Sun, Aug 03, 2003 at 01:31:23AM BST, Mike Wade wrote:
> I'm running FreeBSD 4.8 RELEASE w/ IPFW2 support enabled. I'm running
> into some weirdness with the mac address matching feature or perhaps it's
> my lack of understanding how it interacts with other rules. :)
>
> My goal is to transparently redirect everything except a few select MAC
> addresses but it doesn't appear to work properly. For example:
>
> net-ninja# ipfw list
> 00001 skipto 65535 ip from any to any MAC any any in via sis0
> 00002 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in via sis0
> 65535 allow ip from any to any
>
> This should allow every MAC address to bypass the transparent redirect but
> it doesn't. If I change rule #1 to:
>
> 00001 skipto 65535 ip from any to any in via sis0
>
> Things work as advertised. Any ideas?
Try:
sysctl net.link.ether.ipfw=1
Regards,
-Andy
More information about the freebsd-net
mailing list