From: "Lubomir Georgiev" <0shady0recs0@gmail.com>
To: freebsd-ipfw@freebsd.org
Date: Sun, 22 Apr 2007 13:59:27 +0300
Subject: ipfw with nat - allowing by MAC address
Message-ID: <937e203f0704220359y657f46b1y5401a10197d5bffa@mail.gmail.com>
List-Id: IPFW Technical Discussions

Thanks for the response, but I have to disagree with you - I have read the responses time and time again with great attention, but to no avail. From what you said I understand that in order to utilize MAC address filtering I would need a managed switch or another box aside from the one that will be performing the NATing - is that right? Are you sure that there's no way to combine MAC filtering with NAT in a single box?

Just to make things clear, I'll give an example of what I want to do - I want a machine with, say, MAC-a to have internet connectivity regardless of its IP address - that is, I can assign to it any of the 192.168.1.X addresses. But if a machine with, say, MAC-b comes into the network and tries any IP, I want it to be excluded from the NATd rule but still have connectivity with the FreeBSD box - so that I can open up a terminal and add it to the rulelist if I want Inet connectivity on that machine.

P.S. I have heard of another way of filtering which uses the ARP tables - any comments on that? The thing that I don't think I'll be able to accomplish with the ARP tables is to use any of the 192.168.1.X IP addresses.

Once again, thanks for all your help, and I hope we can reach the final conclusion of this problem.

--
mEsS wItH tHe bEsT
dIE liKe tHe rESt