Date: Thu, 30 Aug 2007 23:03:25 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: paul@wilorc.co.uk
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw2 deep packet filtering
Message-ID: <470581188500605@webmail29.yandex.ru>
In-Reply-To: 1550000000206419139
References: 1550000000206419139

Hi,

> I'm trying to solve a problem with ipfw2, so would be grateful for help
> from anyone on the list with moving things forward.

This is not an ipfw problem.

> I would like to understand if it's possible to discover the real MAC
> address of a packet that has been NAT'd by another device. The scenario
> for using this would be for hosts on a wireless LAN that connect to a
> wireless router which NAT's their connection and then routes the packets
> to another LAN (across a wire) where a FreeBSD server performs firewall
> packet filtering via ipfw2. As all the connections from the hosts on
> the wireless LAN have had their MAC and IP addresses NAT'd to that of
> the wireless router, it is difficult to distinguish between hosts,
> unless some form of deep packet inspection could be performed to
> discover the true MAC address. Is this something that would be possible
> with ipfw2?

There is no way to discover this information. Maybe you can parse some
specific protocols that contain MAC addresses within packets. But this
is hard and doesn't give 100% results. The right way, IMHO, is VPN
connections between wireless clients and the FreeBSD server.

--
WBR, Andrey V. Elsukov