ipfw with nat - allowing by MAC address

2007-04-24 Thread Lubomir Georgiev
Julian if you mean this Then I did received it but Patrick's setup seemed much easier and he claimed that it worked. This is why I decided to try his first. But now that I've re-examined it I see that it's not that much mor

Re: kern/107305: [ipfw] ipfw fwd doesn't seem to work

2007-04-24 Thread Mark Linimon
Synopsis: [ipfw] ipfw fwd doesn't seem to work Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Tue Apr 24 10:04:06 UTC 2007 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=107305

Re: ipfw with nat - allowing by MAC address

2007-04-24 Thread Patrick Tracanelli
Lubomir Georgiev escreveu: Julian if you mean this Then I did received it but Patrick's setup seemed much easier and he claimed that it worked. This is why I decided to try his first. But now that I've re-examined it I

ipfw with nat - allowing by MAC address

2007-04-24 Thread Lubomir Georgiev
OK, so let's get started. Here's my ruleset - 00300 131732 19262748 skipto 1200 ip from any to any { MAC any 00:19:d2:36:b8:48 or MAC 00:19:d2:36:b8:48 any } layer2 00500 47231941536 skipto 1400 ip from any to any layer2 01203684798449298 divert 8668 ip from 192.168.1.0/24 to

Re: ipfw with nat - allowing by MAC address

2007-04-24 Thread Patrick Tracanelli
Lubomir Georgiev escreveu: OK, so let's get started. Here's my ruleset - 00300 131732 19262748 skipto 1200 ip from any to any { MAC any 00:19:d2:36:b8:48 or MAC 00:19:d2:36:b8:48 any } layer2 Good. I have never used it this way and I am not sure if it will work. First, try to use two rule

ipfw with nat - allowing by MAC address

2007-04-24 Thread Lubomir Georgiev
H1 again. So I did try dividing the first rule up into two. But the problem still remains - all the machines on the 192.168.1.X get diverted through natd regardless of their MAC address. I don't think that the problem lies with the rule that allows the traffic rather with the ones that denies /s

Re: ipfw with nat - allowing by MAC address

2007-04-24 Thread Julian Elischer
Lubomir Georgiev wrote: OK, so let's get started. Here's my ruleset - 00300 131732 19262748 skipto 1200 ip from any to any { MAC any 00:19:d2:36:b8:48 or MAC 00:19:d2:36:b8:48 any } layer2 for a packet from a client through this machine to the internet: on the first pass (packet in etherne

Re: ipfw with nat - allowing by MAC address

2007-04-24 Thread Julian Elischer
Julian Elischer wrote: Lubomir Georgiev wrote: OK, so let's get started. Here's my ruleset - 00300 131732 19262748 skipto 1200 ip from any to any { MAC any 00:19:d2:36:b8:48 or MAC 00:19:d2:36:b8:48 any } layer2 for a packet from a client through this machine to the internet: on the first