Mac filtering with ipfw2
Hello,

I have tried and tried and tried to get mac filtering to work with ipfw2. I have tried the usual sources (Google Groups, google, mailing list, man pages, etc). Here it goes:

I basically want to allow traffic to come from one mac address. I am trying to get the following rule to work:

    ipfw add accept tcp from any to any MAC any 10:20:30:40:50:60

Yes, ipfw2 is on my freebsd system. This rule is basically: allow traffic from mac address 10:20:30:40:50:60 to anywhere on the network.

What am I doing wrong?

- Steve

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Mac filtering with ipfw2
On Aug 31, 2004, at 12:07 PM, Steve Quezadas wrote:

> I basically want to allow traffic to come from one mac address. I am trying to get the following rule to work:
>
>     ipfw add accept tcp from any to any MAC any 10:20:30:40:50:60

OK, that looks about right.

> Yes, ipfw2 is on my freebsd system. This rule is basically: allow traffic from mac address 10:20:30:40:50:60 to anywhere on the network.
>
> What am I doing wrong?

Dunno. You've told us what you want to do, but you haven't told us what the problem is that you are having. If you add the log keyword to your rules, you might have a better shot at seeing what they are doing; also look at ipfw -a list.

--
-Chuck

Re: Mac filtering with ipfw2
On Tuesday 31 August 2004 18:07, Steve Quezadas wrote:

> Hello,
>
> I have tried and tried and tried to get mac filtering to work with ipfw2. I have tried the usual sources (Google Groups, google, mailing list, man pages, etc). Here it goes:
>
> I basically want to allow traffic to come from one mac address. I am trying to get the following rule to work:
>
>     ipfw add accept tcp from any to any MAC any 10:20:30:40:50:60
>
> Yes, ipfw2 is on my freebsd system. This rule is basically: allow traffic from mac address 10:20:30:40:50:60 to anywhere on the network.
>
> What am I doing wrong?

Did you set the sysctl net.link.ether.ipfw=1? You can do this in /etc/sysctl.conf or via the sysctl command.

If you want to establish any kind of useful communication, you need to allow incoming and outgoing traffic for the specified MAC.

    # ipfw add pass MAC any 10:20:30:40:50:60
    # ipfw add pass MAC 10:20:30:40:50:60 any

To use arp requests (which are addressed to ff:ff:ff:ff:ff:ff) you need to allow them a way out, too.

    # ipfw add pass MAC any ff:ff:ff:ff:ff:ff

Cheers,
ch

--
Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x941B6B0B
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
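
The steps from the last reply, generalized to a list of allowed MAC addresses, as a dry-run generator. This is an added example, not code from anyone in the thread. The function names are hypothetical, and the broadcast rule puts ff:ff:ff:ff:ff:ff in the first position because ipfw(8) documents the MAC option as destination first, source second.

```shell
#!/bin/sh
# Dry run: prints the commands instead of executing them, so the ruleset
# can be reviewed before it is loaded on the FreeBSD host.

# Succeeds only for six colon-separated pairs of hex digits.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_mac_rules MAC...   (hypothetical helper, not part of ipfw)
# Emits nothing and returns 1 if any argument is not a well-formed MAC,
# so a typo cannot produce a half-built ruleset.
gen_mac_rules() {
    [ "$#" -gt 0 ] || { echo "usage: gen_mac_rules MAC..." >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done

    # Without this sysctl ipfw is never handed layer-2 frames,
    # and rules using the MAC option cannot match anything.
    echo "sysctl net.link.ether.ipfw=1"

    for mac in "$@"; do
        # ipfw syntax is: MAC <destination> <source>
        echo "ipfw add pass MAC any $mac"   # frames whose source is $mac
        echo "ipfw add pass MAC $mac any"   # frames whose destination is $mac
    done

    # ARP requests are sent to the broadcast address (destination position).
    echo "ipfw add pass MAC ff:ff:ff:ff:ff:ff any"
}

# Constructed sample input: the address from the thread plus a second,
# made-up one.
gen_mac_rules 10:20:30:40:50:60 00:11:22:33:44:55
```

After loading the reviewed output, `ipfw -a list` (mentioned earlier in the thread) shows per-rule packet counters, which tells you whether the MAC rules are matching at all.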