ipfw with nat - allowing by MAC address

Lubomir Georgiev 0shady0recs0 at gmail.com
Sat Apr 21 20:20:22 UTC 2007


>---------- Forwarded message ----------
>From: Fratiman Vladut <vladone at spaingsm.com>
>Date: Apr 21, 2007 5:35 PM
>Subject: Re: ipfw with nat - allowing by MAC address
>To: ipfw at freebsd.org
>
>You need to enable layer 2 filtering if you want to block by MAC address,
>but it is not very useful because it can be easily spoofed.
>sysctl net.link.ether.ipfw=1
>To make this change permanently edit /etc/sysctl.conf.
>
>For more information about bridge read this:
>
>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html
>--
>Best regards,
>Fratiman                            mailto:vladone at spaingsm.com


Thanks for your response. I'd like to make one thing clear - my idea is to
just have a machine which NATs the others. I never intended to use it as a
bridge - even though in purpose natting and bridging have similarities. The
previous response also included if_bridge and I can't understand why people
keep writing about the bridge module when I'm trying to set up IPFW + NAT.
From what I've read I understand that these two are not connected - or are
they?  Someone please tell me whether I need the if_bridge module compiled
into my kernel for an IPFW + NAT with MAC address filtering setup to work
and why?

As for spoofing - I think that spoofing an IP address requires *a lot* less
computer knowledge than MAC address spoofing. Anyway - I'd really appreciate
it if someone could put an end to my misery...
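The setup the thread is asking about, written out as an added example (not code from either poster): an ipfw rule set for a NAT gateway that only forwards frames from an allow-list of LAN MAC addresses, with no bridge involved. It assumes net.link.ether.ipfw=1 is set as suggested above, that natd is running on the external interface (natd -interface em0), and that the MAC/layer2 options behave as documented in ipfw(8); interface names and MAC addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example for the ipfw + natd + MAC allow-list question.
# Assumptions: net.link.ether.ipfw=1 (frames also traverse ipfw at layer 2),
# natd listening on the divert socket for EXT_IF. Names/MACs are placeholders.
EXT_IF=${EXT_IF:-em0}
LAN_IF=${LAN_IF:-em1}
ALLOWED_MACS=${ALLOWED_MACS:-"00:11:22:33:44:55 00:11:22:33:44:66"}

# Print the rule list, one rule per line, without touching the kernel.
# Layer-2 pass: a frame received on LAN_IF must carry a listed source MAC,
# everything else at layer 2 is dropped. The final "allow ... layer2" keeps
# layer-2 frames away from the divert rule, which only makes sense on the
# layer-3 pass; the same IP packet is then seen again at layer 3 and NATed.
mac_rules() {
    num=100
    for mac in $ALLOWED_MACS; do
        printf 'add %d allow ip from any to any MAC any %s layer2 in recv %s\n' \
            "$num" "$mac" "$LAN_IF"
        num=$((num + 10))
    done
    printf 'add %d deny ip from any to any layer2 in recv %s\n' "$num" "$LAN_IF"
    num=$((num + 10))
    printf 'add %d allow ip from any to any layer2\n' "$num"
    num=$((num + 10))
    # Layer-3 pass: NAT on the external interface, then the default policy.
    printf 'add %d divert natd ip from any to any via %s\n' "$num" "$EXT_IF"
    num=$((num + 10))
    printf 'add %d allow ip from any to any\n' "$num"
}

# Number of allow-listed MAC rules; a quick sanity check after editing the list.
allowed_count() { mac_rules | grep -c ' MAC any '; }

# Load the rules on the gateway: "sh this_script.sh apply" as root.
# Note: flush removes every existing rule, so merge with your own set first.
apply_rules() {
    ipfw -q flush
    mac_rules | while read -r rule; do
        ipfw -q $rule
    done
}

if [ "${1:-}" = apply ]; then
    apply_rules
else
    mac_rules
fi
```

As the forwarded reply notes, a source MAC is trivially changed on most hosts, so this limits casual use of the gateway rather than authenticating clients; pair it with static ARP entries or per-host credentials if that matters.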

