Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 14 Feb 2005 15:51:49 -0500 (GMT-05:00)
From:      "SPC Wigglesworth, Martes G" <martes.wigglesworth@earthlink.net>
To:        vitadiazlistas <vitadiazlistas@yahoo.com.ar>, freebsd-ipfw@freebsd.org
Subject:   Re: To control accessos by MAC address of ethernets
Message-ID:  <25505810.1108414310082.JavaMail.root@gonzo.psp.pas.earthlink.net>

next in thread | raw e-mail | index | archive | help
I don't think that you can mix ip and mac addresses within level-2 rules.  And you have to have the correct layer-2 sysctl set.  I am not at my bsd box, so I cannot remember what that is, however it is listed within the sysctl section of the ipfw man.

I think that a working rule would be: 
ipfw add pass MAC any ${MACADDRESS} {etc...}
or switch any and the ${ }



-----Original Message-----
From: vitadiazlistas <vitadiazlistas@yahoo.com.ar>
Sent: Feb 14, 2005 11:34 AM
To: freebsd-ipfw@freebsd.org
Subject: To control accessos by MAC address of ethernets

>From already thank you very much reading to me.

This compiled ipfw2 and works everything except this

I have ipfw2 very well walking but I need to validate the accesses of the LAN by interval of the MAC of ethernets and I have not been able to make walk this.

Somebody can show to me like is that ipfw2 with the subject of the MAC works Thanks 

Can that the this not putting rules in the place which they go?  that is in the part of firewall where they funcionarian as filter.

The same it happens to me with IPA adds paketes but it does not let to me walk but the control of bandwith.

Also it is rare.

Says to me that there is to patch freebsd because in some cases it does not walk that type of control.

I do not want to use DHCP to validate I must make a control of accesses by wireless and LAN via ipfw2, if it will be by better Web but I am trying to do it i myself.

My firewall



## rl0 NAT (LAN 1)
## ep1 conecction internet

ipfw -f flush

ipfw add divert natd all from any to any via ep1

ipfw add allow all from any to 192.168.1.56 MAC any 00:0d:88:ba:b9:40 via rl0
(no add paketes)

ipfw add fwd 127.0.0.1,3128 tcp from 192.168.0.0/16 to not 192.168.0.0/16 80

ipfw add pipe 78 tcp from any 80 to 192.168.0.0/16

ipfw pipe 78 config mask src-ip 0x000000ff bw 80Kbit/s
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?25505810.1108414310082.JavaMail.root>