How to block MAC after routed?
I think I read something somewhere, but I can't remember if it is true. Once a packet passes through a router, the sender's MAC address can't be known. Is that true?
Can I do this:
internet ----- debian router/fw (box1) ------ debian router/fw 2 (box2) ----- LAN
What I would like to do is serve a to anyone on the LAN from box2, then if someone wants to go out to the internet, block it based on MAC on box1. Why not block it on box2, you may ask? Well, I have a long script blocking all sorts of ports and other stuff on box2. If I insert some MAC filtering at the end or at the beginning of the script, then either the packets will not traverse the entire script or it would allow access to the department or users I don't want to access the internet.
So, can I really block traffic based on MAC address on box1?
Thanks in advance for your help.