ipfw with nat - allowing by MAC address

Lubomir Georgiev 0shady0recs0 at gmail.com
Thu Apr 26 19:42:59 UTC 2007


  So I guess shit never stops... As I said I'm currently trying to use the
deny rule which you initially supplied to drop the packets which don't get
skipped. Here's my current ruleset -

00100  173035   29328940 allow ip from any to any via xl0
00300  292524   50232419 skipto 1200 ip from any to any { MAC 00:19:d2:36:b8:48 any or MAC any 00:19:d2:36:b8:48 } layer2
00800       0          0 deny log logamount 100 ip from any to any MAC any any layer2 via xl0
01203 3802723 1050820011 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
01205 2218931 1145072418 divert 8668 ip from any to me in via fxp0
01250   81843   84998617 queue 1 ip from any to any src-port 80 not layer2 via fxp0
01251   64777   18975661 queue 1 ip from any to any dst-port 80 not layer2 via fxp0
01300 4279821 1513380511 queue 2 ip from any to any not src-port 80 not layer2 via fxp0
01500 6137984 2192285003 allow ip from any to any
65535       5        416 deny ip from any to any


  And the result is the same: everyone on the 192.168.1.0/24 segment gets
diverted. And, as you can see, no traffic hits rule 800. So what's the deal?
Any ideas?
-- 
mEsS wItH tHe bEsT
dIE liKe tHe rESt
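An added example, not from the original post or from the FreeBSD project: a small POSIX sh generator that emits an ipfw ruleset, in the line format ipfw(8) reads from a file, that performs a MAC allowlist at layer 2 before any blanket allow and marks every layer-3 rule "not layer2". Two documented ipfw properties drive the layout: a rule without the "layer2" keyword matches frames in the layer-2 pass as well as packets in the layer-3 pass, and a skipto taken in the layer-2 pass has no effect on the separate layer-3 pass of the same packet, which restarts at the first rule. The interface roles (xl0 as LAN, fxp0 as the natd uplink) are assumptions taken from the divert rules quoted above, and the rule numbers are arbitrary.

```shell
#!/bin/sh
# Added example (not the poster's ruleset): emit ipfw rules that check a
# MAC allowlist at layer 2 before any blanket allow, then apply NAT and
# the final allow only in the layer-3 pass via "not layer2".
# Assumptions (labelled): xl0 is the LAN side, fxp0 is the uplink that
# natd translates, natd listens on divert port 8668, LAN is 192.168.1.0/24.
# Layer-2 rules only fire when the sysctl net.link.ether.ipfw is set to 1.

LAN_IF=xl0
WAN_IF=fxp0
LAN_NET=192.168.1.0/24
NATD_PORT=8668

# gen_mac_allowlist LAN_IF MAC...
# One skipto per permitted MAC (matching it as source or destination),
# then a logged deny for every other frame seen on the LAN interface.
# These rules must come BEFORE any rule that could allow traffic via
# LAN_IF without the "layer2" keyword, or the frame is accepted first.
gen_mac_allowlist() {
    lan_if=$1
    shift
    for mac in "$@"; do
        echo "add 300 skipto 1000 ip from any to any { MAC $mac any or MAC any $mac } layer2 via $lan_if"
    done
    # Frames on the LAN interface that matched no permitted MAC die here.
    echo "add 400 deny log logamount 100 ip from any to any layer2 via $lan_if"
    # Accept the remaining layer-2 frames (permitted LAN MACs land here via
    # the skipto, uplink frames fall through). The same packet is still
    # examined by the layer-3 rules below in its own pass.
    echo "add 1000 allow ip from any to any layer2"
}

# gen_ruleset MAC...  -> complete ruleset on stdout
gen_ruleset() {
    gen_mac_allowlist "$LAN_IF" "$@"
    # Layer-3 rules carry "not layer2" so they never match in the frame
    # pass; NAT and the final allow apply exactly once per packet.
    echo "add 1200 divert $NATD_PORT ip from $LAN_NET to any not layer2 out via $WAN_IF"
    echo "add 1205 divert $NATD_PORT ip from any to me not layer2 in via $WAN_IF"
    echo "add 1500 allow ip from any to any not layer2"
}

# Usage: sh genrules.sh 00:19:d2:36:b8:48 00:11:22:33:44:55 > /etc/ipfw.rules
if [ $# -gt 0 ]; then
    gen_ruleset "$@"
fi
```

Load the result with `ipfw -q -f flush` followed by `ipfw -q /etc/ipfw.rules`, after setting `sysctl net.link.ether.ipfw=1`; without that sysctl the layer-2 rules see no frames at all and the allowlist is silently bypassed. The MAC addresses in the usage line are constructed placeholders.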
