Date: Sat, 2 Aug 2003 22:39:24 -0400 (EDT) From: Mike Wade <mwade@bluehighway.net> To: Andy Gilligan <andy@evo6.org> Cc: freebsd-net@freebsd.org Subject: Re: ipfw2 mac address matching weirdness? Message-ID: <20030802223846.V4501@net-ninja.dyndns.org> In-Reply-To: <20030803020257.GA79533@vega.evo6.net> References: <20030802203114.J4501@net-ninja.dyndns.org> <20030803020257.GA79533@vega.evo6.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 3 Aug 2003, Andy Gilligan wrote: > On Sun, Aug 03, 2003 at 01:31:23AM BST, Mike Wade wrote: > > I'm running FreeBSD 4.8 RELEASE w/ IPFW2 support enabled. I'm running > > into some weirdness with the mac address matching feature or perhaps it's > > my lack of understanding how it interacts with other rules. :) > > > > My goal is to transparently redirect everything except a few select MAC > > addresses but it doesn't appear to work properly. For example: > > > > net-ninja# ipfw list > > 00001 skipto 65535 ip from any to any MAC any any in via sis0 > > 00002 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in via sis0 > > 65535 allow ip from any to any > > > > This should allow every MAC address to bypass the transparent redirect but > > it doesn't. If I change rule #1 to: > > > > 00001 skipto 65535 ip from any to any in via sis0 > > > > Things work as advertised. Any ideas? > > Try: > > sysctl net.link.ether.ipfw=1 Hmm, it was already set: net-ninja# sysctl net.link.ether.ipfw net.link.ether.ipfw: 1 --- Mike Wade (mwade@bluehighway.net) Blue Highway Labs, LLC.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030802223846.V4501>