LinuxQuestions.org
Old 10-20-2006, 03:06 PM   #1
caps_phisto
Member
 
Registered: Sep 2004
Location: NH
Distribution: FC6, FC1-4, RH9, Gentoo 2006.0/1, Slackware 10.1/2,11, Vector SOHO 5.0.1
Posts: 237

Rep: Reputation: 30
Restricting access to a specific port by MAC address


Here is my scenario:

I have one laptop that I wish to use OpenVPN with to another server. This laptop resides on a Wireless Network which gets SNAT'd to a wired network via IPtables and a Linux router. At the moment ANY laptop with OpenVPN can access the VPN server on the wired network.

I wish to restrict access to the OpenVPN port (I am using the default 1194 for simplicity) to the single MAC address of the one laptop I wish to use. How could this be done?

Thanks in advance

PS -
If that cannot be done, how about this solution.
Let's say I put an additional NIC in the Linux Router that goes to the same wired network. How could I set the above one laptop to use that NIC instead of the regular one? Thus at that point I could give the second NIC a different IP and set my OpenVPN server to only accept connections from the second NIC.
 
Old 10-20-2006, 04:58 PM   #2
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 77
I am not sure of a solution purely within OpenVPN, as I have not had the pleasure of using it yet. However, I do know that iptables can filter based on MAC address. You will need the MAC match extension enabled in your kernel. Also, do be aware that MAC addresses are trivially spoofed...
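
The iptables MAC match mentioned in the reply above, as an added example that is not part of the original posts: a small script that prints router FORWARD-chain rules admitting one source MAC to the OpenVPN port and logging and dropping other wireless clients. The interface name `wlan0`, the server address `192.0.2.10`, the UDP protocol and the sample MAC are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the Linux router.
# Assumed values, not from the thread: wlan0, 192.0.2.10, udp, the sample MAC.

WIFI_IF="wlan0"          # assumed wireless-side interface on the router
VPN_SERVER="192.0.2.10"  # placeholder server address (documentation range)
VPN_PORT="1194"          # OpenVPN default port, as used in the thread
VPN_PROTO="udp"          # assumed; set to tcp if the server runs over TCP

# Return 0 only for a well-formed colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the FORWARD-chain rules that admit one MAC to the VPN port.
# The mac match only sees the source MAC of frames arriving from the
# directly attached segment, so it is valid in PREROUTING, FORWARD and
# INPUT on the router, before SNAT is applied in POSTROUTING.
vpn_mac_rules() {
    mac="$1"
    if ! valid_mac "$mac"; then
        echo "invalid MAC address: $mac" >&2
        return 1
    fi
    match="-i $WIFI_IF -p $VPN_PROTO -d $VPN_SERVER --dport $VPN_PORT"
    # 1. Allow the one laptop.
    echo "iptables -A FORWARD $match -m mac --mac-source $mac -j ACCEPT"
    # 2. Log (rate-limited), then drop every other wireless client.
    echo "iptables -A FORWARD $match -m limit --limit 6/min -j LOG --log-prefix 'vpn-mac-deny: '"
    echo "iptables -A FORWARD $match -j DROP"
}

# Constructed sample MAC; review the output, then pipe it to `sh` as root.
vpn_mac_rules "${1:-00:11:22:33:44:55}"
```

The rules are appended with `-A`, so any broader ACCEPT already present in FORWARD has to come after them for the restriction to take effect.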
 
Old 10-23-2006, 05:05 AM   #3
andrewdodsworth
Member
 
Registered: Oct 2003
Location: United Kingdom
Distribution: SuSE 10.0 - 11.4
Posts: 347

Rep: Reputation: 30
Not sure I understand the problem - if you control the OpenVPN server and only want one laptop to access it then generating new keys for the server and client will secure it?
 
Old 10-23-2006, 02:55 PM   #4
caps_phisto
Member
 
Registered: Sep 2004
Location: NH
Distribution: FC6, FC1-4, RH9, Gentoo 2006.0/1, Slackware 10.1/2,11, Vector SOHO 5.0.1
Posts: 237

Original Poster
Rep: Reputation: 30
Yes. Sorry. I was not familiar with OpenVPN's certificate/keys procedure when I posted it. The certs/key combinations are sufficient.

Thanks a lot!
 
  

