Date: Sat, 21 Apr 2007 23:20:21 +0300 From: "Lubomir Georgiev" <0shady0recs0@gmail.com> To: freebsd-ipfw@freebsd.org Subject: ipfw with nat - allowing by MAC address Message-ID: <937e203f0704211320x66156eafi6707a872de835540@mail.gmail.com> In-Reply-To: <1029169348.20070421173510@spaingsm.com> References: <937e203f0704191400i10ae5751ka41c17e40e4eff99@mail.gmail.com> <937e203f0704201150n2f7d1cd6t65de8844581562c7@mail.gmail.com> <937e203f0704201153u7d5c05qb2b0183ca839acf7@mail.gmail.com> <1029169348.20070421173510@spaingsm.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>---------- Forwarded message ---------- >From: Fratiman Vladut <vladone@spaingsm.com> >Date: Apr 21, 2007 5:35 PM >Subject: Re: ipfw with nat - allowing by MAC address >To: ipfw@freebsd.org > >You need to enable layer 2 filtering if u want to block mac address, >but is not very useful because can be easy spoofed. >sysctl net.link.ether.ipfw=1 >To make this change permanently edit /etc/sysctl.conf. > >For more information about bridge read this: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html >-- >Best regards, >Fratiman mailto:vladone@spaingsm.com Thanks for your response. I'd like to make one thing clear - my idea is to just have a machine which NATs the others. I never intended to use it as a bridge - even though in purpose natting and bridging have similarities. The previous response also included if_bridge and I can't understand why people keep writing about the bridge module when I'm trying to set up IPFW + NAT. >From what I've read I understand that these two are not connected - or are they? Someone please tell me whether I need the if_bridge module compiled into my kernel for an IPFW + NAT with MAC address filtering setup to work and why? As for spoofing - I think that spoofing an IP address requires *a lot* less computer knowledge than MAC address spoofing. Anyway - I'd really appreciate it if someone could put an end to my misery...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?937e203f0704211320x66156eafi6707a872de835540>