Date: Mon, 23 Apr 2007 12:59:47 -0700
From: Julian Elischer <julian@elischer.org>
To: Lubomir Georgiev <0shady0recs0@gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw with nat - allowing by MAC address
Message-ID: <462D1033.8030309@elischer.org>
In-Reply-To: <937e203f0704231213l374167c8kbd8efd3e1fee4c45@mail.gmail.com>
References: <937e203f0704231213l374167c8kbd8efd3e1fee4c45@mail.gmail.com>

Lubomir Georgiev wrote:
> I'd like to thank all the people who replied to the thread I started. Your
> help has been invaluable. The reason I didn't immediately respond to Jao is
> that I wanted to make sure I wasn't mistaken - I was sure that IPFW + NAT +
> MAC address filtering in a single box was possible because I had seen it
> with my own two eyes. I just didn't take the time to see the ruleset then. I
> was going there in a couple of days and was going to shed some light on the
> subject but it turns out I don't need to - Patrick and Julian have backed me
> up.
>
> I am going to try out what you've recommended and post the results. Once
> again thanks for all your efforts and Jao please do try not to go all "high
> and mighty" over others seeking help when what we really want is one and the
> same thing - to help each other, and that I think is the purpose of this
> list.
>
> So, I'll keep you posted.
>

As I posted, I think you can use keep-state to pass state between
layer 2 and layer 3 instances of the firewall.

The trick is to remember that "check-state" just re-runs the rule that had
the original keep-state, and that that rule can be almost anything,
including a skipto.
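
The behaviour described in the reply above, as an added example that is not part of the original message and is not ipfw code: a simplified Python model of a ruleset evaluated once at layer 2 (MAC visible) and once at layer 3 (MAC gone), where `check-state` re-runs the `skipto` of the rule that created the state. The rule numbers, addresses, and the `nat` stand-in action are constructed assumptions.

```python
# Simplified model of ipfw rule evaluation; not ipfw source code.
ALLOWED_MAC = "00:11:22:33:44:55"  # constructed sample address

# (number, action, skipto target, match predicate, keep-state?)
RULES = [
    (100, "check-state", None, None, False),
    (200, "skipto", 1000,
     lambda p: p["layer2"] and p["src_mac"] == ALLOWED_MAC, True),
    (300, "deny", None, lambda p: True, False),
    (1000, "allow", None, lambda p: p["layer2"], False),    # pass frame up to IP
    (1100, "nat", None, lambda p: not p["layer2"], False),  # stand-in for NAT
]

def evaluate(pkt, states):
    """One pass over RULES; returns the terminal (rule number, action)."""
    flow = frozenset((pkt["src"], pkt["dst"]))  # state matches both directions
    i = 0
    while i < len(RULES):
        num, action, arg, match, keep = RULES[i]
        if action == "check-state":
            parent = states.get(flow)
            if parent is None:          # no dynamic rule: keep scanning
                i += 1
                continue
            num, action, arg = parent[:3]   # re-run the parent rule's action
        elif not match(pkt):
            i += 1
            continue
        elif keep:
            states[flow] = RULES[i]     # remember which rule made the state
        if action == "skipto":
            i = next(j for j, r in enumerate(RULES) if r[0] >= arg)
            continue
        return num, action
    return 65535, "deny"                # default rule

def receive(frame, states):
    """Layer-2 pass first; if the frame is passed up, run the layer-3 pass."""
    l2 = evaluate(dict(frame, layer2=True), states)
    if l2[1] != "allow":
        return l2
    return evaluate(dict(frame, layer2=False, src_mac=None), states)

if __name__ == "__main__":
    states = {}
    known = {"src_mac": ALLOWED_MAC, "src": "192.168.0.10", "dst": "203.0.113.5"}
    print(receive(known, states))       # layer-3 pass lands in the NAT section
```
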
