---------- Forwarded message ----------
From: Fratiman Vladut <[EMAIL PROTECTED]>
Date: Apr 21, 2007 5:35 PM
Subject: Re: ipfw with nat - allowing by MAC address
To: [EMAIL PROTECTED]

You need to enable layer 2 filtering if you want to block a MAC address,
but it is not very useful because it can be easily spoofed.
sysctl net.link.ether.ipfw=1
To make this change permanent, edit /etc/sysctl.conf.

For more information about bridge read this:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html
--
Best regards,
Fratiman                            mailto:[EMAIL PROTECTED]


Thanks for your response. I'd like to make one thing clear - my idea is to
just have a machine which NATs the others. I never intended to use it as a
bridge - even though in purpose natting and bridging have similarities. The
previous response also included if_bridge and I can't understand why people
keep writing about the bridge module when I'm trying to set up IPFW + NAT.
From what I've read I understand that these two are not connected - or are
they?  Someone please tell me whether I need the if_bridge module compiled
into my kernel for an IPFW + NAT with MAC address filtering setup to work
and why?

As for spoofing - I think that spoofing an IP address requires *a lot* less
computer knowledge than MAC address spoofing. Anyway - I'd really appreciate
it if someone could put an end to my misery...
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"