Date: Thu, 26 Apr 2007 22:42:57 +0300 From: "Lubomir Georgiev" <0shady0recs0@gmail.com> To: freebsd-ipfw@freebsd.org Subject: ipfw with nat - allowing by MAC address Message-ID: <937e203f0704261242x8c13b9bw3f2bcc56bbe20729@mail.gmail.com>
So I guess shit never stops... As I said, I'm currently trying to use the deny rule which you initially supplied to drop the packets which don't get skipped. Here's my current ruleset:

    00100   173035   29328940 allow ip from any to any via xl0
    00300   292524   50232419 skipto 1200 ip from any to any { MAC 00:19:d2:36:b8:48 any or MAC any 00:19:d2:36:b8:48 } layer2
    00800        0          0 deny log logamount 100 ip from any to any MAC any any layer2 via xl0
    01203  3802723 1050820011 divert 8668 ip from 192.168.1.0/24 to any out via fxp0
    01205  2218931 1145072418 divert 8668 ip from any to me in via fxp0
    01250    81843   84998617 queue 1 ip from any to any src-port 80 not layer2 via fxp0
    01251    64777   18975661 queue 1 ip from any to any dst-port 80 not layer2 via fxp0
    01300  4279821 1513380511 queue 2 ip from any to any not src-port 80 not layer2 via fxp0
    01500  6137984 2192285003 allow ip from any to any
    65535        5        416 deny ip from any to any

And the result is the same: everyone on the 192.168.1.0/24 segment gets diverted. And as you can see, no traffic hits rule 800. So what's the deal? Any ideas?

-- 
mEsS wItH tHe bEsT dIE liKe tHe rESt
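The counters the poster reports (rule 300 firing, rule 800 at zero, every LAN host still diverted) follow from how ipfw walks a ruleset when net.link.ether.ipfw=1: each frame is checked once at layer 2, where MAC addresses are visible, and the IP packet is checked again at layer 3, where there is no Ethernet header and MAC options cannot match. The model below is an added illustration, not ipfw's source, and not part of the original message. It assumes the semantics stated in its docstring (in particular that a divert rule is a non-match for layer-2 frames, and that skipto continues at the first rule numbered at or above its target); the packets, host MACs and interface roles are constructed from the rule text only.

```python
"""Model of the two passes the posted ipfw ruleset makes per packet.

Added illustration, not ipfw's code. Assumed semantics:
  * net.link.ether.ipfw=1: one walk at layer 2 (MACs visible), one walk
    at layer 3 (no Ethernet header, so MAC options never match).
  * 'layer2' rules match only in the layer-2 walk, 'not layer2' rules
    only in the IP walk, untagged rules in both.
  * 'divert' is a non-match for layer-2 frames.
  * 'skipto N' continues at the first rule numbered >= N.
  * 'queue' is treated as terminal (one_pass=1).
Packets, host MACs and interface roles below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional

GOOD_MAC = "00:19:d2:36:b8:48"   # the MAC the poster wants exempt from NAT


@dataclass
class Rule:
    num: int
    action: str                       # allow / deny / skipto / divert / queue
    target: Optional[int] = None      # skipto destination
    src_net: Optional[str] = None     # 'from <net>'; None = any
    direction: Optional[str] = None   # 'in' / 'out'; None = either
    via: Optional[str] = None         # 'via <iface>'; None = any
    mac: Optional[str] = None         # MAC required as source or destination
    layer2: Optional[bool] = None     # True='layer2', False='not layer2'
    hits: int = 0


@dataclass
class Packet:
    iface: str
    direction: str                    # 'in' or 'out'
    src_ip: str
    src_mac: str
    dst_mac: str


# The poster's ruleset, reduced to the rules that decide the outcome.
RULES = [
    Rule(100, "allow", via="xl0"),
    Rule(300, "skipto", target=1200, mac=GOOD_MAC, layer2=True),
    Rule(800, "deny", via="xl0", layer2=True),
    Rule(1203, "divert", src_net="192.168.1.0/24", direction="out", via="fxp0"),
    Rule(1250, "queue", via="fxp0", layer2=False),
    Rule(1500, "allow"),
    Rule(65535, "deny"),
]


def matches(rule: Rule, pkt: Packet, at_layer2: bool) -> bool:
    if rule.layer2 is not None and rule.layer2 != at_layer2:
        return False
    if rule.mac is not None and (
        not at_layer2 or rule.mac not in (pkt.src_mac, pkt.dst_mac)
    ):
        return False                  # no Ethernet header in the IP walk
    if rule.via is not None and rule.via != pkt.iface:
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.src_net is not None and ip_address(pkt.src_ip) not in ip_network(rule.src_net):
        return False
    if rule.action == "divert" and at_layer2:
        return False                  # divert is skipped for layer-2 frames
    return True


def walk(pkt: Packet, at_layer2: bool) -> str:
    """First-match walk; returns '<num> <action>' of the terminal rule."""
    i = 0
    while i < len(RULES):
        r = RULES[i]
        if not matches(r, pkt, at_layer2):
            i += 1
            continue
        r.hits += 1
        if r.action == "skipto":
            i = next(k for k, x in enumerate(RULES) if x.num >= r.target)
            continue
        return f"{r.num} {r.action}"
    return "65535 deny"


def trace(pkt: Packet) -> Dict[str, str]:
    """Both walks for one packet, in the order the kernel applies them."""
    return {"layer2": walk(pkt, True), "ip": walk(pkt, False)}


def hits(num: int) -> int:
    return next(r.hits for r in RULES if r.num == num)


# Constructed samples: the whitelisted host and another LAN host leaving
# through fxp0, plus a frame seen via xl0 (where rule 100 comes first).
whitelisted = Packet("fxp0", "out", "192.168.1.10", GOOD_MAC, "00:11:22:33:44:55")
other_host = Packet("fxp0", "out", "192.168.1.20", "00:aa:bb:cc:dd:ee", "00:11:22:33:44:55")
lan_side = Packet("xl0", "in", "192.168.1.20", "00:aa:bb:cc:dd:ee", "00:11:22:33:44:55")

if __name__ == "__main__":
    for name, p in (("whitelisted", whitelisted), ("other", other_host), ("xl0", lan_side)):
        print(name, trace(p))
    print("rule 800 hits:", hits(800))
```

Under these assumptions the whitelisted MAC does take the skipto at layer 2, but that walk ends in rule 1500 (divert does not apply to frames) and the separate IP walk, which cannot see the MAC, lands on rule 1203 for every 192.168.1.0/24 source. Rule 800 stays at zero because it only matches via xl0, and rule 100 has already allowed everything via xl0 before it.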