Quick answer would be, not in that scenario. All frames from your NAT
router to your FreeBSD machine are only going to have the SRC MAC of the
NAT router itself, and the DST MAC of the FreeBSD machine if it's
directly connected. You might be able to identify the hosts to a
degree that are behind the router by using some type of passive OS
identification. The easiest way to get what you want would be to replace
the wireless NAT router with an access point which will allow you to
bridge your wireless hosts directly to your wired network, and finally
to your FreeBSD machine, and then use FreeBSD to do your NAT.

Chris Bowman

Paul Bridger wrote:

Hi
I'm trying to solve a problem with ipfw2, so would be grateful for
help from anyone on the list with moving things forward.
I would like to understand if it's possible to discover the real MAC
address of a packet that has been NAT'd by another device. The
scenario for using this would be for hosts on a wireless LAN that
connect to a wireless router which NATs their connection and then
routes the packets to another LAN (across a wire) where a FreeBSD
server performs firewall packet filtering via ipfw2. As all the
connections from the hosts on the wireless LAN have had their MAC and
IP addresses NAT'd to that of the wireless router, it is difficult to
distinguish between hosts, unless some form of deep packet inspection
could be performed to discover the true MAC address. Is this
something that would be possible with ipfw2?
Thank you.
-Paul
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
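
The point made in the reply, as an added example that is not part of the original thread: a router strips the incoming Ethernet header and builds a new one, so the frame that reaches the FreeBSD machine contains no byte of the wireless host's MAC. All MAC and IP addresses are constructed sample values; the payload is treated as opaque, so port translation and the L4 checksum fix-up a real NAT device performs are left out.

```python
import struct

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def ip(s):
    return bytes(int(x) for x in s.split("."))

def ip_checksum(hdr):
    # RFC 1071 one's-complement sum over the 20-byte IPv4 header
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, ttl, 17, 0, src_ip, dst_ip)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + b"\x08\x00" + hdr + payload

def nat_forward(frame, router_mac, router_ip, next_hop_mac):
    # Routed hop: discard the old L2 header, rewrite the source IP,
    # decrement TTL, and emit a brand-new L2 header.
    hdr, payload = frame[14:34], frame[34:]
    return build_frame(next_hop_mac, router_mac, router_ip,
                       hdr[16:20], hdr[8] - 1, payload)

def parse(frame):
    return {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "src_ip": ".".join(map(str, frame[26:30])), "ttl": frame[22]}

def demo():
    # Constructed addresses (locally administered MACs, documentation IPs)
    host_mac, wlan_mac = mac("02:00:00:00:00:0a"), mac("02:00:00:00:00:01")
    wired_mac, bsd_mac = mac("02:00:00:00:00:02"), mac("02:00:00:00:00:fe")
    sent = build_frame(wlan_mac, host_mac, ip("192.168.1.10"),
                       ip("203.0.113.5"), 64, b"hello")
    seen = nat_forward(sent, wired_mac, ip("10.0.0.2"), bsd_mac)
    return sent, seen, host_mac

if __name__ == "__main__":
    sent, seen, host_mac = demo()
    print("host sent      :", parse(sent))
    print("FreeBSD sees   :", parse(seen))
    print("host MAC in frame seen by FreeBSD:", host_mac in seen)
```

The only per-host signal left in the forwarded frame is what survives in the IP and transport headers and payload, which is why the reply points to passive OS identification or to bridging with an access point instead.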