ipfw with nat - allowing by MAC address

Lubomir Georgiev 0shady0recs0 at gmail.com
Thu Apr 19 21:27:11 UTC 2007


Hi all,

  I've lost 2 nights' sleep over this and I still can't get through it!
Here's the thing:

I have a FreeBSD box with ipfw and natd running.
My internal ifaces are
internal - xl0 /3com/ - ip 192.168.1.254
external - fxp0 - 10.11.0.33

ipfw l
00200 skipto 1200 ip from 192.168.1.100 to not me via fxp0
#00400 skipto 1200 ip from 192.168.1.0/24 to not me layer2 out
#00600 skipto 1200 ip from any to any MAC any 00:19:d2:36:b8:48 layer2 in
00800 skipto 1200 ip from { not 10.11.0.0/24 or not 192.168.0.0/24 } to me
01000 skipto 1400 ip from any to any
01200 divert 8668 ip from any to any via fxp0
$01250 queue 1 ip from any to any src-port 80 via fxp0
$01251 queue 1 ip from any to any dst-port 80 via fxp0
$01300 queue 2 ip from any to any not src-port 80 via fxp0
01400 allow ip from any to any
65535 deny ip from any to any

And now for some explaining - the lines with # in front are my futile tries
to accomplish my goal and the ones with the $ concern dummynet, which isn't
the issue here.
Here's what I want to do. I want to filter the computers that will get NATed
by MAC address and allow them, as well as others /who won't get NATed/, to
reach localhost. I don't use DHCP. I have read numerous articles and have
tried many different strategies but none of them seem to work.
In other words, I want to allow MAC addresses of machines which will have
internet, and the others will just be able to access localhost in order for
me to get in with ssh if needed.


I hope I was able to explain what I want to do and of course ANY help would
be GREATLY appreciated. 10x in advance...



-- 
mEsS wItH tHe bEsT
dIE liKe tHe rESt
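The following is an added example, not part of the original post or a reply to it: a small sh script that builds the kind of ruleset the post asks for. It keeps the interface names, router address and natd port from the post (xl0, fxp0, 192.168.1.254, 8668); the MAC allowlist, the rule numbers and the dry-run mechanism are constructed for the example. Two points it relies on: layer-2 frames only reach ipfw when the sysctl net.link.ether.ipfw is set to 1, and with that set every packet traverses the ruleset twice (once at layer 2, where the MAC options and the layer2 keyword apply, and once at the IP layer, where NAT via divert belongs), so the layer-2 decisions are made first and NAT is left to the IP pass. A MAC allowlist is an access-control convenience rather than authentication, since a host can change its MAC at will; it limits casual use, nothing more.

```shell
#!/bin/sh
# Added example (not from the original post): build an ipfw ruleset that
# NATs only hosts whose MAC address is on an allowlist, while every LAN host
# can still reach the router itself (for ssh and the like).
# Assumptions: interface names and addresses follow the post; the MAC list,
# rule numbers and the dry-run mechanism are constructed for this example.
# Dry run by default (prints the ipfw commands). On the real box run with
#   FWCMD=/sbin/ipfw sh thisscript.sh
# after enabling layer-2 filtering:  sysctl net.link.ether.ipfw=1

FWCMD=${FWCMD:-"echo ipfw"}
INT_IF=xl0                  # LAN side
EXT_IF=fxp0                 # NAT side
ROUTER_IP=192.168.1.254     # the box itself, as seen from the LAN
LAN_NET=192.168.1.0/24
NATD_PORT=8668
# Hypothetical allowlist (space-separated): only these hosts get NATed.
ALLOWED_MACS="00:19:d2:36:b8:48"

# Reject anything that is not six colon-separated hex octets, so a typo in
# the list cannot silently become a rule that never matches.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

build_ruleset() {
    for mac in $ALLOWED_MACS; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    $FWCMD -f flush

    # --- layer-2 pass: every frame is judged here before the IP pass ---
    # ARP has to flow or nobody on the LAN can talk to the router at all.
    $FWCMD add 100 allow all from any to any mac-type arp layer2 via $INT_IF
    # Any LAN host may reach the router itself (ssh etc.), allowlisted or not.
    $FWCMD add 110 allow ip from $LAN_NET to $ROUTER_IP layer2 in via $INT_IF
    # Allowlisted source MACs may go further. The option is "MAC dst src",
    # so the sender's address is the second field.
    n=200
    for mac in $ALLOWED_MACS; do
        $FWCMD add $n allow ip from $LAN_NET to any MAC any "$mac" layer2 in via $INT_IF
        n=$((n + 1))
    done
    # Everything else arriving from the LAN stops here, at layer 2.
    $FWCMD add 300 deny all from any to any layer2 in via $INT_IF
    # Remaining layer-2 traffic (outbound frames, other interfaces) is not MAC-filtered.
    $FWCMD add 310 allow all from any to any layer2

    # --- IP pass: NAT on the external interface, then allow ---
    $FWCMD add 1200 divert $NATD_PORT ip from any to any via $EXT_IF
    $FWCMD add 1400 allow ip from any to any
}

build_ruleset
```

Run it as-is to see the rule list it would load; only the FWCMD override actually touches the firewall. Hosts not on the list never reach rule 1200, so they are never NATed, but rule 110 still lets them ssh to 192.168.1.254.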


More information about the freebsd-ipfw mailing list