From: AT Matik
Organization: Infomatik
To: freebsd-ipfw@freebsd.org
Cc: Lubomir Georgiev <0shady0recs0@gmail.com>
Date: Fri, 20 Apr 2007 09:23:11 -0300
Subject: Re: ipfw with nat - allowing by MAC address

On Thursday 19 April 2007 18:00, Lubomir Georgiev wrote:
> Hi all,
>
> I've lost 2 nights sleep over this and I still can't get through it! -
> Here's the thing :
>
> I have a FreeBSD box with ipfw and natd running.
> My internal ifaces are
> internal - xl0 /3com/ - ip 192.168.1.254
> external - fxp0 - 10.11.0.33
>
> ipfw l
> 00200 skipto 1200 ip from 192.168.1.100 to not me via fxp0
> #00400 skipto 1200 ip from 192.168.1.0/24 to not me layer2 out
> #00600 skipto 1200 ip from any to any MAC any 00:19:d2:36:b8:48 layer2 in

you will not have so much luck with this until you are loading the bridge or
if_bridge module, on a router this will not work

João