Hi,
I want to create a simple gateway with NAT and I want MAC address (layer2) based access control. I have this for layer3:
which works.
And when I set net.link.ether.ipfw to 1 this stops working because the layer2 packets don't match any of the above rules. While this is fine I can't actually come up with correct rules to allow only certain MAC addresses...
I tried this:
but it doesn't work...
Can anyone give me hand please?
10x
I want to create a simple gateway with NAT and I want MAC address (layer2) based access control. I have this for layer3:
Code:
01000 nat 1 ip from any to any via em0
65000 allow ip from any to any
65535 deny ip from any to anywhich works.
And when I set net.link.ether.ipfw to 1 this stops working because the layer2 packets don't match any of the above rules. While this is fine I can't actually come up with correct rules to allow only certain MAC addresses...
I tried this:
Code:
00100 skipto 64000 ip from any to any MAC any 10:20:30:40:50:60
00100 skipto 1000 ip from any to any not layer2
01000 nat 1 ip from any to any via em0
64000 allow ip from any to any layer2
65000 allow ip from any to any
65535 deny ip from any to anybut it doesn't work...
Can anyone give me hand please?
10x