ipfw with nat - allowing by MAC address

AT Matik asstec at matik.com.br
Sun Apr 22 12:49:21 UTC 2007


On Sunday 22 April 2007 07:59, Lubomir Georgiev wrote:
>   Thanks for the response but I have to disagree with you - I have read the
> responses time and time again with great attention, but to no avail. From
> what you said I understand that in order to utilize MAC address filtering I
> would need a managed switch or another box aside from the one that will be
> performing the NATing - is that right? Are you sure that there's no way to
> combine MAC filtering with NAT in a single box?
>

Man, you can control layer2 traffic only if you have some, and this is not the 
case on a natd router.


> P.S. I have heard of another way of filtering which uses the ARP tables -
> any comments on that? The thing that I don't think I'll be able to
> accomplish with the ARP tables is to use any of the 192.168.1.X IP
> addresses.

arptables on a router do not have anything to do with layer2 traffic

You can fake the MAC address and make it permanent in the arptable on the NAT 
router, which then certainly blocks the correct MAC, as well as you can open a 
door with an ax or check your blood pressure with a knife. What I am trying 
to say is that these are "last resource methods".

João


> Once again thanks for all your help and I hope we can reach the final
> conclusion of this problem.










More information about the freebsd-ipfw mailing list