Packet passtrough based on mac address
-
Hi all,
Long story short, i need to packets filtered on mac address to passed through a pfSense router.
Some more info ;)
I'm from Belgium, an isp (Telenet) here is using a settop box called digicorder of digibox (based on the function of the device)
It need a direct connection to the modem from the isp, there can be switches in the path but no routers.
The only thing i can filter on is a mac address.
There are 2 options for the modem, 1 is a modem only and another is a modem, router and wifi combined.
When you got a combined modem the digicorder ask for a internal ip 192.168.x.x from the router with a mac address and a second mac address ask a 10.x.x.x address from the isp servers for additional functionality (interactive, play on demand, those kind off things)Now i got a modem only and i need the explained functionality from pfSense if possible. So 1 mac address gets an internal ip address from my pfSense box. The other mac address need to send the packets to and from the modem off the isp as if there is no router (pfSense) in between.
i know that it is layer 2 things on a layer 3 devices, i do have got ccna training, so i'm not a beginner, butt i'm not an expert by any stretch of the imagination. So maybe there is someone with more knowledge then me that knows how to do it. if it can be done.
Maybe you can explain to me why it can't be done?
i don't know the limits off pfSense.any advice is welcome,
Greetz Tiniduske
-
Firewall / Interfaces / Bridges
Just bridge the lan with the wan port
The Lan port on the pfsense don't need to have one IP. but has to be enable
For testing setup a rule on the firewall to allow all traffic from wan to the Lan and bridge port.
The modem from your ISP schooled be able to send all the setting for your setupbox
-
The Lan port on the pfsense don't need to have one IP.
Great idea.
The LAN port is where the WebGUI is bond to. No IP - no access. Better use an unmanaged switch instead of hilarious ideas. -
So 1 mac address gets an internal ip address from my pfSense box. The other mac address need to send the packets to and from the modem off the isp as if there is no router (pfSense) in between.
On which VLANs does that happen?
-
The Lan port on the pfsense don't need to have one IP.
Great idea.
The LAN port is where the WebGUI is bond to. No IP - no access. Better use an unmanaged switch instead of hilarious ideas.Lan port <> Management port.
The lan port to be used will be never the management port.
Next time i will try to be explicit :)
It works for me. -
On which VLANs does that happen?
i don't know, that a maybe can get discovered with wireshark.
butt i can't have any vlan switching apart from one switch. or i gonna need to buy a few new switches.
@5E:
Just bridge the lan with the wan port
not an option
i need the router (dhcp/NAT) function from the pfsense, i have a separate dns server running.
i used to have a linksys router (cisco time) and then i had 1 lan port in bridge to the wan, butt that's not possible anymore.i got a tip for using a static dhcp for that mac address, and then a custom firewall rule, maybe is that an option.
my network setup
modem only -> pfSense -> unmanaged switch (8 ports) -> 3 pc's, 1 printer, 2 digicorders |-> lite managed switch (24 ports) -> servers |-> unmanaged switch (16 ports)-> 2 pc's, printer, digicorder, ps3
