Date:      Sat, 21 Apr 2007 23:20:21 +0300
From:      "Lubomir Georgiev" <0shady0recs0@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   ipfw with nat - allowing by MAC address
Message-ID:  <937e203f0704211320x66156eafi6707a872de835540@mail.gmail.com>
In-Reply-To: <1029169348.20070421173510@spaingsm.com>
References:  <937e203f0704191400i10ae5751ka41c17e40e4eff99@mail.gmail.com> <937e203f0704201150n2f7d1cd6t65de8844581562c7@mail.gmail.com> <937e203f0704201153u7d5c05qb2b0183ca839acf7@mail.gmail.com> <1029169348.20070421173510@spaingsm.com>

>---------- Forwarded message ----------
>From: Fratiman Vladut <vladone@spaingsm.com>
>Date: Apr 21, 2007 5:35 PM
>Subject: Re: ipfw with nat - allowing by MAC address
>To: ipfw@freebsd.org
>
>You need to enable layer 2 filtering if you want to block a MAC address,
>but it is not very useful because it can be easily spoofed.
>sysctl net.link.ether.ipfw=1
>To make this change permanent, edit /etc/sysctl.conf.
>
>For more information about bridge read this:
>
>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html
>--
>Best regards,
>Fratiman                            mailto:vladone@spaingsm.com


Thanks for your response. I'd like to make one thing clear - my idea is to
just have a machine which NATs the others. I never intended to use it as a
bridge - even though in purpose natting and bridging have similarities. The
previous response also included if_bridge and I can't understand why people
keep writing about the bridge module when I'm trying to set up IPFW + NAT.
From what I've read I understand that these two are not connected - or are
they?  Someone please tell me whether I need the if_bridge module compiled
into my kernel for an IPFW + NAT with MAC address filtering setup to work
and why?

As for spoofing - I think that spoofing an IP address requires *a lot* less
computer knowledge than MAC address spoofing. Anyway - I'd really appreciate
it if someone could put an end to my misery...
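
The layer 2 filtering that the quoted reply describes, as an added example that is not part of either message: a small generator that validates a MAC allowlist and prints the sysctl plus the matching `layer2` ipfw rules. The interface name `em1`, the rule numbers and the MAC addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: emit layer-2 ipfw rules for a source-MAC allowlist.
# With net.link.ether.ipfw=1 each frame traverses the ruleset at layer 2
# and again at layer 3, and MAC matching only works on the layer-2 pass.

# Succeeds only if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# emit_mac_rules IFACE MAC...
# Prints commands for review; nothing is applied to the running firewall.
emit_mac_rules() {
    if [ $# -lt 2 ]; then
        echo "usage: emit_mac_rules IFACE MAC..." >&2
        return 2
    fi
    iface=$1
    shift
    # Reject the whole list on the first malformed address.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "sysctl net.link.ether.ipfw=1"
    # Low rule numbers (assumed free) so the layer-2 pass ends before any
    # existing layer-3 rules; rules without 'layer2' would otherwise also
    # be evaluated against Ethernet frames.
    n=10
    for mac in "$@"; do
        # ipfw syntax is "MAC dst-mac src-mac": any destination, listed source.
        echo "ipfw -q add $n allow ip from any to any MAC any $mac layer2 in recv $iface"
        n=$((n + 10))
    done
    # Frames from unlisted sources on the inside interface are dropped ...
    echo "ipfw -q add $n deny ip from any to any layer2 in recv $iface"
    # ... and all other layer-2 traffic passes on to the layer-3 pass.
    echo "ipfw -q add $((n + 10)) allow ip from any to any layer2"
}

# Constructed sample allowlist.
emit_mac_rules em1 00:11:22:33:44:55 00:aa:bb:cc:dd:ee
```

An `allow` on the layer-2 pass only admits the frame to the second, layer-3 pass, where the existing IP rules still decide what happens to the packet.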


