ipfw with nat - allowing by MAC address

Lubomir Georgiev 0shady0recs0 at gmail.com
Mon Apr 23 21:24:42 UTC 2007


  OK people - here's the deal. I have tried the setup as described by Patrick
Tracanelli at click
<http://lists.freebsd.org/pipermail/freebsd-ipfw/2007-April/002956.html>
but the shitty thing still doesn't want to just let it be! Since I don't
want to

00500   468   30071 deny log logamount 100 ip from any to any MAC any any layer2 via xl0


  I'm trying to integrate a rule that just skips the natd but still allows
normal client -> freebsd box communication. The problem is -   I can
manipulate layer2 any way I like e.g. use skipto with MAC as described and
everything but as soon as I add a rule like this

ipfw add 500 skipto 1400 /after the divert natd/ all from any to any not layer2

  I lose worldwide connectivity. And if I don't add this rule my whole
192.168.1.0/24 segment is enabled because of the

01203 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
01205 divert 8668 ip from any to me in via fxp0

  Can someone please explain this? And just give the word and I'll send a
more substantial part of the ruleset and the different strategies /of
rulesets :)/ that I've tried.
  The bottom line - Patrick's setup doesn't work, at least here. I'm certain
that I've written the rules the way they're supposed to be /just changed ip
ranges, if names etc./

  10x in advance and please do bear with me...

-- 
mEsS wItH tHe bEsT
dIE liKe tHe rESt
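
Editor's note: the poster never received a working ruleset in this message, so the following is an added example written for this page, not code from the original post or from Patrick Tracanelli's earlier mail. It shows one way to get what is being asked for: a MAC allowlist enforced in ipfw's layer 2 pass, while the natd divert stays in the layer 3 pass and clients with unknown MACs can still reach the FreeBSD box itself. The interface names (xl0 inside, fxp0 outside), the 192.168.1.0/24 range and the natd port 8668 are taken from the rules quoted above; the MAC addresses are made up, and the assumption that the box runs with net.link.ether.ipfw=1 and natd on fxp0 is the author's, not stated on the page.

```shell
#!/bin/sh
# Added example (not from the original post): MAC allowlist at layer 2,
# natd divert at layer 3.
# Assumptions beyond what the post states:
#   xl0  = inside interface carrying 192.168.1.0/24
#   fxp0 = outside interface, natd listening on divert port 8668
#   sysctl net.link.ether.ipfw=1 is set, so every Ethernet frame makes a
#   separate pass through the ruleset where only rules with "layer2" match,
#   and natd runs as: natd -n fxp0 -p 8668
#   The MAC addresses in allowed_macs are made up.
# Default is a dry run that just prints the ipfw commands.  To load them for
# real, run as root:  FWCMD="/sbin/ipfw -q" sh ipfw-mac-nat.sh

fwcmd=${FWCMD:-echo /sbin/ipfw -q}

inside=xl0
outside=fxp0
lan=192.168.1.0/24
natport=8668
# Hypothetical allowlist: only these client MACs may be NATed to the Internet.
allowed_macs="00:11:22:33:44:55 00:11:22:33:44:66"

load_ruleset() {
    $fwcmd flush

    # ---- Layer 2 pass: inbound frames on the inside interface only ----
    # ipfw's MAC syntax is "MAC dst src", so "MAC any <mac>" means any
    # destination, this source.  Allowed clients jump to the layer 2 catch-all.
    for mac in $allowed_macs; do
        $fwcmd add 100 skipto 500 ip from any to any MAC any $mac layer2 in via $inside
    done
    # Any other LAN host may still talk to the box itself (DNS, DHCP, ssh ...).
    $fwcmd add 200 allow ip from $lan to me layer2 in via $inside
    # ARP must pass or nobody, allowed or not, can resolve the gateway.
    $fwcmd add 210 allow all from any to any layer2 in via $inside mac-type arp
    # Unknown MAC aiming anywhere but the box: drop here, before NAT ever sees it.
    $fwcmd add 300 deny log logamount 100 ip from any to any layer2 in via $inside
    # All remaining frames (outbound, and everything on fxp0) pass at layer 2;
    # IP policy for them lives in the layer 3 rules below.
    $fwcmd add 500 allow all from any to any layer2

    # ---- Layer 3 pass: no "layer2" keyword, so never applied to raw frames ----
    # Only traffic that survived the layer 2 pass reaches these rules, so the
    # divert can stay as broad as in the original post: unauthorised clients'
    # outbound packets were already dropped at rule 300.
    $fwcmd add 1000 divert $natport ip from $lan to any out via $outside
    $fwcmd add 1005 divert $natport ip from any to me in via $outside
    $fwcmd add 1100 allow ip from any to any
}

load_ruleset
```

The point this illustrates for the thread: a `skipto` in the layer 2 pass cannot carry a decision over into the layer 3 pass, because each pass starts again at the top of the ruleset. The workaround is to do all the MAC-based dropping at layer 2 and leave the divert rules untouched, rather than trying to steer packets around `divert natd` with a `not layer2` rule, which is what cost the poster his upstream connectivity. Rule 1100 is deliberately wide open for the sake of the example; a real ruleset would use keep-state and a stricter inbound policy on fxp0.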
