Before you ask, yes I've RTFM ;) which was very informative and there
are still some things that I have missed.
1/ Is there a way of reloading rules while maintaining the state table
or is this the default? (Put another way, does flush affect dynamic rules?)
2/ we are using state and also shapi

Quick answer would be, not in that scenario. All frames from your NAT
router to your FreeBSD machine are only going to have the SRC MAC of the
NAT router itself, and the DST MAC of the FreeBSD machine if it's
directly connected. You might be able to identify the hosts to a
degree that are be

Hi,
> I'm trying to solve a problem with ipfw2, so would be grateful for help
> from anyone on the list with moving things forward.
This is not an ipfw problem.
> I would like to understand if it's possible to discover the real MAC
> address of a packet that has been NAT'd by another device.

On Aug 30, 2007, at 7:08 AM, Paul Bridger wrote:
I would like to understand if it's possible to discover the real
MAC address of a packet that has been NAT'd by another device.
No. You can only get the real MACs of devices by listening on the
same subnet that the traffic originates from; on

Rule set appended -- anonymizing the rule set while keeping the sense
would be a lot of work and I don't want to trim it down for fear of
dropping something vital. As this network is not exposed to the
internet and the firewall's primary purpose is traffic shaping not
security I'll post it.
Att

Hi
I'm trying to solve a problem with ipfw2, so would be grateful for help
from anyone on the list with moving things forward.
I would like to understand if it's possible to discover the real MAC
address of a packet that has been NAT'd by another device. The scenario
for using this would be

30.08.07 @ 13:19 Russell Fulton wrote:
If anyone wants to have a look at the rule set I'm happy to mail it to
them but I don't want it appearing in a public mail archive ;)
You can simply replace all your IP addresses with strings like X.X.X.X,
Y.Y.Y.Y, Z.Z.Z.0/24 etc., and then post it here.