All,
As suggested.
Just to confirm that it perfectly works.
I made a NAT on ext_if from int_if
In principle :
- create a bridge, add the int_if to the bridge
- add a rule filtering and tagging based on MAC address ex :
brconfig bridge0 rule pass in on fxp0 src 9:8:7:6:5:4 tag boss
- filter with
> > What is the reason why some packets passing on re0 will not be seen on
> > bridge0
> >
> > given I set up the following configuration :
> > bridgename.bridge0
> > add re0
> > up
> >
> > I expected to see all the packets passing on re0 on bridge0 too which is
> > obviously not the
Hello All,
I do not want to insist too much further about this problem, but I need to
find an issue in order to implement that feature properly.
I can't resolve how to do it considering I am looking to do a NAT and not a
bridged connection. For this reason the bridge drops packets.
If you have
On Wednesday 03 March 2010 21:38:18, you wrote:
> > What is the reason why some packets passing on re0 will not be seen on
> > bridge0
> >
> > given I set up the following configuration :
> > bridgename.bridge0
> > add re0
> > up
> >
> > I expected to see all the packets passing on
I work on two ideas,
The first is to bridge gif0 and int_if and nat gif0 and ext_if.
The second is to find a trick in order to filter mac on bridge and tag.
Could you help me to find a solution preferably for the second one which I
can't figure out how to implement.
Thanks & regards
Le Mercred
Thank you for your help in understanding.
I want to configure a NAT between int_if and ext_if and filter based on MAC
address.
I was going to proceed as follows, but after reading bridge(4) man page I
understand that the following won't work.
If the bridge0 has only one member, int_if, it will
> What is the reason why some packets passing on re0 will not be seen on
> bridge0
> given I set up the following configuration :
>
> bridgename.bridge0
> add re0
> up
>
> I expected to see all the packets passing on re0 on bridge0 too which is
> obviously not the case.
That
Hi,
What is the reason why some packets passing on re0 will not be seen on bridge0
given I set up the following configuration :
bridgename.bridge0
add re0
up
I expected to see all the packets passing on re0 on bridge0 too which is
obviously not the case.
# brconfig
bri
On Sunday 21 February 2010 11:07:28, Tomas Bodzar wrote:
> Yep, see snippet from man page for brconfig(8)
>
> The following commands will tag packets from and to 9:8:7:6:5:4 on fxp0
> so that pf(4) can refer to them using the tagged directive:
>
> # brconfig bridge0 rule pass
On Sun, Feb 21, 2010 at 08:26:44PM +1000, David Gwynne wrote:
> i hate to bring this up, but if you have cisco gear with dhcp snooping enabled
> you can enforce this on the switch.
That's probably also the only reasonable place to do it. Thankfully it's
not only cisco that does that nowadays.
St
i hate to bring this up, but if you have cisco gear with dhcp snooping enabled
you can enforce this on the switch.
On 20/02/2010, at 8:49 PM, Jean-Francois wrote:
> Good morning,
>
> Is it possible to do filtering through pf or blocking traffic based on MAC
> address recognition ?
>
> We want to i
Yep, see snippet from man page for brconfig(8)
The following commands will tag packets from and to 9:8:7:6:5:4 on fxp0
so that pf(4) can refer to them using the tagged directive:
# brconfig bridge0 rule pass in on fxp0 src 9:8:7:6:5:4 tag boss
# brconfig bridge0 rule
I am not completely sure to understand, is it possible to make a pseudo device
bridged to an interface and marking the packets with a tag according to rules
based on MAC address and then to take account of the tag in pf while doing NAT
translation to a second interface ?
In my opinion, this migh
"Bret S. Lambert" writes:
> Actually, it doesn't mention brconfig anymore (or is my memory
> failing me, and it never did? quite possible)
If you're on -current, brconfig doesn't exist anymore (merged into
ifconfig). That's likely what you're seeing. It also means bridge
configs will need some
To: Jean-Francois
Cc: misc@openbsd.org
Subject: Re: Filtering based on MAC adress
On Sat, Feb 20, 2010 at 01:19:14PM +0100, Jean-Francois wrote:
> On Saturday 20 February 2010 12:21:14, Bret S. Lambert wrote:
> > On Sat, Feb 20, 2010 at 11:49:54AM +0100, Jean-Francois wrote:
> > >
On Sat, Feb 20, 2010 at 01:19:14PM +0100, Jean-Francois wrote:
> On Saturday 20 February 2010 12:21:14, Bret S. Lambert wrote:
> > On Sat, Feb 20, 2010 at 11:49:54AM +0100, Jean-Francois wrote:
> > > Good morning,
> > >
> > > Is it possible to do filtering through pf or blocking traffic based on
>
On Sat, Feb 20, 2010 at 01:19:14PM +0100, Jean-Francois wrote:
> On Saturday 20 February 2010 12:21:14, Bret S. Lambert wrote:
> > On Sat, Feb 20, 2010 at 11:49:54AM +0100, Jean-Francois wrote:
> > > Good morning,
> > >
> > > Is it possible to do filtering through pf or blocking traffic based on
>
On Saturday 20 February 2010 12:21:14, Bret S. Lambert wrote:
> On Sat, Feb 20, 2010 at 11:49:54AM +0100, Jean-Francois wrote:
> > Good morning,
> >
> > Is it possible to do filtering through pf or blocking traffic based on
> > MAC address recognition ?
> >
> > We want to identify the machines on th
On Sat, Feb 20, 2010 at 11:49:54AM +0100, Jean-Francois wrote:
> Good morning,
>
> Is it possible to do filtering through pf or blocking traffic based on MAC
> address recognition ?
>
> We want to identify the machines on the internal network based on their MAC
> address and filter.
>
> Can t
Good morning,
Is it possible to do filtering through pf or blocking traffic based on MAC
address recognition ?
We want to identify the machines on the internal network based on their MAC
address and filter.
Can tools like pf do this (not in my actual searches) ? another way ?
Regards
20 matches