ipfw2 deep packet filtering
Paul Bridger
paul at wilorc.co.uk
Thu Aug 30 07:26:31 PDT 2007
Hi
I'm trying to solve a problem with ipfw2, so would be grateful for help
from anyone on the list with moving things forward.
I would like to understand if it's possible to discover the real MAC
address of a packet that has been NAT'd by another device. The scenario
for using this would be for hosts on a wireless LAN that connect to a
wireles router which NAT's their connection and then routes the packets
to another LAN (across a wire) where a FreeBSD server performs firewall
packet filtering via ipfw2. As all the connections from the hosts on
the wireless LAN have had their MAC and IP addresses NAT'd to that of
the wireless router, it is difficult to distinguish between hosts,
unless some form of deep packet inspection could be performed to
discover the true MAC address. Is this something that would be possible
with ipfw2?
Thank you.
-Paul
More information about the freebsd-ipfw
mailing list