From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 14 20:52:05 2005 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0967916A4CE for ; Mon, 14 Feb 2005 20:52:05 +0000 (GMT) Received: from pop-a065d19.pas.sa.earthlink.net (pop-a065d19.pas.sa.earthlink.net [207.217.121.253]) by mx1.FreeBSD.org (Postfix) with ESMTP id CBD8243D2F for ; Mon, 14 Feb 2005 20:52:04 +0000 (GMT) (envelope-from martes.wigglesworth@earthlink.net) Received: from gonzo.psp.pas.earthlink.net ([207.217.78.242]) by pop-a065d19.pas.sa.earthlink.net with esmtp (Exim 3.33 #1) id 1D0nCL-0003CW-00; Mon, 14 Feb 2005 12:52:01 -0800 Message-ID: <25505810.1108414310082.JavaMail.root@gonzo.psp.pas.earthlink.net> Date: Mon, 14 Feb 2005 15:51:49 -0500 (GMT-05:00) From: "SPC Wigglesworth, Martes G" To: vitadiazlistas , freebsd-ipfw@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Earthlink Zoo Mail 1.0 Subject: Re: To control accessos by MAC address of ethernets X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "SPC Wigglesworth, Martes G" List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Feb 2005 20:52:05 -0000 I don't think that you can mix ip and mac addresses within level-2 rules. And you have to have the correct layer-2 sysctl set. I am not at my bsd box, so I cannot remember what that is, however it is listed within the sysctl section of the ipfw man. I think that a working rule would be: ipfw add pass MAC any ${MACADDRESS} {etc...} or switch any and the ${ } -----Original Message----- From: vitadiazlistas Sent: Feb 14, 2005 11:34 AM To: freebsd-ipfw@freebsd.org Subject: To control accessos by MAC address of ethernets >From already thank you very much reading to me. This compiled ipfw2 and works everything except this I have ipfw2 very well walking but I need to validate the accesses of the LAN by interval of the MAC of ethernets and I have not been able to make walk this. Somebody can show to me like is that ipfw2 with the subject of the MAC works Thanks Can that the this not putting rules in the place which they go? that is in the part of firewall where they funcionarian as filter. The same it happens to me with IPA adds paketes but it does not let to me walk but the control of bandwith. Also it is rare. Says to me that there is to patch freebsd because in some cases it does not walk that type of control. I do not want to use DHCP to validate I must make a control of accesses by wireless and LAN via ipfw2, if it will be by better Web but I am trying to do it i myself. My firewall ## rl0 NAT (LAN 1) ## ep1 conecction internet ipfw -f flush ipfw add divert natd all from any to any via ep1 ipfw add allow all from any to 192.168.1.56 MAC any 00:0d:88:ba:b9:40 via rl0 (no add paketes) ipfw add fwd 127.0.0.1,3128 tcp from 192.168.0.0/16 to not 192.168.0.0/16 80 ipfw add pipe 78 tcp from any 80 to 192.168.0.0/16 ipfw pipe 78 config mask src-ip 0x000000ff bw 80Kbit/s _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"