Date:      Fri, 28 Feb 2003 19:35:12 +0000
From:      "Neil Long" <neil.long@computing-services.oxford.ac.uk>
To:        freebsd-stable@freebsd.org
Subject:   IPFW2 MAC restrictions and packet forwarding
Message-ID:  <1030228193513.ZM14859@ratbert.oucs.ox.ac.uk>

Hi

4.7-Release from CD, kernel rebuilt with IPFIREWALL, IPFW2, IPFILTER
(ipfw and libalias built with IPFW2=TRUE)

Does anyone have any example ipfw command sets to show how to limit
access on one interface to specific incoming MACs, i.e. I want to allow
IPs incoming on ed0 to exit ed1 NATed as the IP on ed1 (ipnat is the
easy bit).

(ipnat is running and I set sysctl net.inet.ip.forwarding=1
 net.link.ether.ipfw=1)

It works with an open-type ipfw list but I haven't been able to figure
out all the MAC-based rules that are needed as soon as I apply a
default deny on ed0. Are net.link.ether.bridge_ipfw=1 and bridge.ko
needed?

I think the problem is my complete lack of understanding as to the
layer2 rules (and even MAC any any layer2 type invocations are not
scoring any hits.)

I guess I would just like to hear from someone that such a scenario
does work on 4.7 :-)

thanks
Neil

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Dr Neil J Long, Computing Services, University of Oxford
 13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 Fax:+44 1865 273275
 EMail:       Neil.Long@computing-services.oxford.ac.uk  
 PGP:    ID 0xE88EF71F    OxCERT: oxcert@ox.ac.uk PGP: ID 0x9FF898D5
