Date:      Tue, 24 Apr 2007 20:00:44 +0300
From:      "Lubomir Georgiev" <0shady0recs0@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   ipfw with nat - allowing by MAC address
Message-ID:  <937e203f0704241000k1db56507jba1b0ac89cd3aece@mail.gmail.com>

OK, so let's get started. Here's my ruleset -

00300   131732   19262748 skipto 1200 ip from any to any { MAC any 00:19:d2:36:b8:48 or MAC 00:19:d2:36:b8:48 any } layer2
00500     4723    1941536 skipto 1400 ip from any to any layer2
01203    68479    8449298 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
01205    71215   16745674 divert 8668 ip from any to me in via fxp0
*01250   410160  534966441 queue 1 ip from any to any src-port 80 via fxp0
*01251   143290   14139299 queue 1 ip from any to any dst-port 80 via fxp0
*01300  2711668 1462734503 queue 2 ip from any to any not src-port 80 via fxp0
01400 12581325 6691776490 allow ip from any to any

I've marked the dummynet rules with an asterisk. I'm using Patrick's ruleset
- since I'm only allowing internet access for a single machine I've combined
his first two rules into one. My internal network is 192.168.1.0/24 and my
external iface is fxp0. What I'm experiencing right now as I'm using this
set is this - I have internet on the machine I desired /OK/ and on all
others with ip 192.168.1.X /not OK, obviously :)/ regardless of MAC. For me,
the rules that concern layer2 don't do what they're supposed to and thusly
the traffic reaches rules 1203 and 1205 and onward. Interestingly enough
traffic does hit the first and second rule. Here's my uname -

FreeBSD bogoqho.com 6.1-RELEASE FreeBSD 6.1-RELEASE #1: Sun Apr  8 10:54:10 EEST 2007     tldstyl3@bogoqho.com:/usr/src/sys/i386/compile/bogoqho  i386

And my sysctl -

bogoqho# sysctl -a | egrep "one_pass\|ether"
bogoqho#

which as you can see returns nothing using the command you instructed me to
use.

If there's anything that would help you - just say the word... Let's
brainstorm :)

-- 
mEsS wItH tHe bEsT
dIE liKe tHe rESt
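An added example, not the poster's ruleset or Patrick's: the same MAC-gated NAT written as a loadable sh script, with the layer-2 pass ending in a deny on the LAN interface instead of a skipto to an allow rule, because a packet that is passed at layer 2 is checked again at layer 3 against every rule that lacks the layer2 keyword. The LAN interface name INT_IF, the rule numbers and the preview variables are assumptions; fxp0, 192.168.1.0/24, the MAC and the natd divert port 8668 come from the post.

```shell
#!/bin/sh
# Constructed example for ipfw on FreeBSD: NAT for exactly one LAN host,
# selected by MAC address. Set IPFW=echo and SYSCTL=echo to preview the
# commands instead of loading them.
IPFW="${IPFW:-ipfw}"
SYSCTL="${SYSCTL:-sysctl}"
EXT_IF="fxp0"                     # external interface, as in the post
INT_IF="${INT_IF:-rl0}"           # assumption: the LAN-side interface
LAN_NET="192.168.1.0/24"          # internal network, as in the post
ALLOWED_MAC="00:19:d2:36:b8:48"   # the one host permitted to use the NAT

load_rules() {
    # Frames are only handed to ipfw at layer 2 while this sysctl is 1.
    # Each packet is then checked twice: at layer 2 against rules that
    # carry "layer2", and at layer 3 against rules that do not.
    $SYSCTL net.link.ether.ipfw=1
    $IPFW -f flush

    # --- layer 2: decide per MAC, on the LAN interface only ---
    # ARP has to pass or no LAN host can resolve the gateway at all.
    $IPFW add 100 allow ip from any to any layer2 mac-type arp via $INT_IF
    # ipfw's MAC syntax is "MAC dst src": frames from, then to, the host.
    $IPFW add 300 skipto 1000 ip from any to any MAC any $ALLOWED_MAC layer2 via $INT_IF
    $IPFW add 310 skipto 1000 ip from any to any MAC $ALLOWED_MAC any layer2 via $INT_IF
    # Every other LAN frame stops here. A skipto to an allow rule would
    # instead let it continue to the layer-3 pass, where the divert and
    # final allow below would still serve it regardless of its MAC.
    $IPFW add 500 deny ip from any to any layer2 via $INT_IF
    # Frames on the external interface carry the ISP's and the gateway's
    # own MACs, so they are not MAC-gated.
    $IPFW add 1000 allow ip from any to any layer2

    # --- layer 3: natd on divert port 8668, then the final allow ---
    $IPFW add 1203 divert 8668 ip from $LAN_NET to any out via $EXT_IF
    $IPFW add 1205 divert 8668 ip from any to me in via $EXT_IF
    $IPFW add 1400 allow ip from any to any
}
```

Verify the layer-2 path with `ipfw show` after loading: rule 500's counter should grow only for hosts other than the permitted one, and their packets must never reach 1203.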
