Date:      Mon, 23 Apr 2007 16:04:30 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Lubomir Georgiev <0shady0recs0@gmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw with nat - allowing by MAC address
Message-ID:  <462D3B7E.6020006@elischer.org>
In-Reply-To: <937e203f0704231424q28306d67n8c476e113f95441e@mail.gmail.com>
References:  <937e203f0704231424q28306d67n8c476e113f95441e@mail.gmail.com>

OK, so I just emailed how I would do this. Did you not receive it?


Lubomir Georgiev wrote:
>  OK people - here's the deal. I have tried the setup as described by
> Patrick Tracanelli at
> <http://lists.freebsd.org/pipermail/freebsd-ipfw/2007-April/002956.html>
> but the shitty thing still doesn't want to just let it be! Since I don't
> want to
> 
> 00500   468   30071 deny log logamount 100 ip from any to any MAC any any layer2 via xl0
> 
> 
>  I'm trying to integrate a rule that just skips the natd but still allows
> normal client -> freebsd box communication. The problem is -   I can
> manipulate layer2 any way I like e.g. use skipto with MAC as described and
> everything but as soon as I add a rule like this
> 
> ipfw add 500 skipto 1400 /after the divert natd/ all from any to any not layer2
> 
>  I lose worldwide connectivity. And if I don't add this rule my whole
> 192.168.1.0/24 segment is enabled because of the
> 
> 01203 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
> 01205 divert 8668 ip from any to me in via fxp0
> 
>  Can someone please explain this? And just give the word and I'll send a
> more substantial part of the ruleset and the different strategies /of
> rulesets :)/ that I've tried.
>  The bottom line - Patrick's setup doesn't work, at least here. I'm certain
> that I've written the rules as they're supposed to be /just change ip ranges,
> if names etc./
> 
>  10x in advance and please do bear with me...
> 



