LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 10-04-2007, 01:12 PM   #1
blackman890
Member
 
Registered: Oct 2004
Location: Iceland
Posts: 94

How to open port on iptables locked on a specific internal MAC address?


Hello there.

I am currently having a slight problem with our firewall. Basically "transmissions" are locked and all ports are locked except for HTTP and HTTPS.

However, one developer's computer has to have access through the firewall on a specific port (the FTP port, 21).

However, I need it so that only this specific computer is able to get through the firewall. Therefore I thought of opening a port only for that computer's specific MAC address.

However, after some googling I haven't found the right command/rule for this. Can anyone tell me the rule or show me where I can find something like this?

Thanks in advance.



Sincerely:
Jonatan Nilsson
Iceland

P.S.
Just to clarify: everything is locked, so I think I may also have to specify OUT and IN.
 
Old 10-05-2007, 01:14 AM   #2
koobi
Member
 
Registered: Jun 2006
Location: Colombo, Sri Lanka
Distribution: Ubuntu
Posts: 103

I'm very new to iptables, but from the manual:
Quote:
mac
--mac-source [!] address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for
packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

I believe this will work for you:
Code:
iptables -A INPUT -p tcp --dport ftp --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
 
Old 10-05-2007, 02:16 AM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

The syntax on that is missing the module. It's like:
Code:
-m mac --mac-source xx:xx:xx:xx:xx:xx
Also, if this is a gateway/firewall setup, in the sense that you want to give someone on the LAN access to an FTP server on the WAN, then you need to use the FORWARD chain.
Code:
iptables -A FORWARD -p TCP -i $LAN_IFACE -o $WAN_IFACE --dport 21 \
-m state --state NEW -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
The returning packets will get picked up by your RELATED,ESTABLISHED rule.
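The FORWARD rule above, carried through as a complete script. This is an added example, not code from the thread or from any of the posters. It assumes a gateway whose FORWARD policy drops by default (as the original post describes) and adds two things the thread does not cover: a syntax check on the MAC address before it is handed to the shell, and an explicit binding of the ftp conntrack helper, which is what makes the FTP data connections show up as RELATED (on kernels 4.7 and later helpers are no longer attached automatically, so the `-j CT --helper ftp` rule in the raw table is required). The interface names, the MAC address and the script name are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): generate, and optionally apply, the
# FORWARD rules that let one LAN host, selected by MAC address, open FTP
# (tcp/21) control connections to the WAN side of a Linux gateway.
# Assumptions: default-DROP FORWARD policy; eth1 = LAN, eth0 = WAN;
# the MAC and script name are placeholders.
#
# Usage: sh mac-ftp.sh [-n] <mac> [lan_iface] [wan_iface]
#   -n   dry run: print the iptables commands instead of executing them

HEX='[0-9A-Fa-f][0-9A-Fa-f]'

# valid_mac MAC: return 0 if MAC is six colon-separated hex octets.
# iptables accepts either case; anything else is rejected before eval sees it.
valid_mac() {
    case "$1" in
        $HEX:$HEX:$HEX:$HEX:$HEX:$HEX) return 0 ;;
    esac
    return 1
}

# ftp_rules MAC LAN WAN: print one iptables command per line, in order.
ftp_rules() {
    mac=$1
    lan=$2
    wan=$3

    # 1. Bind the ftp conntrack helper to control connections entering from
    #    the LAN, so the data channel is classified RELATED (needed on
    #    kernels >= 4.7, where helpers are no longer auto-assigned).
    echo "iptables -t raw -A PREROUTING -i $lan -p tcp --dport 21 -j CT --helper ftp"

    # 2. Only a NEW control connection from the named MAC may leave the LAN.
    #    --mac-source is the source MAC of the frame as it arrives on $lan,
    #    which is why the -i match belongs on the same rule.
    echo "iptables -A FORWARD -i $lan -o $wan -p tcp --dport 21 -m conntrack --ctstate NEW -m mac --mac-source $mac -j ACCEPT"

    # 3. Replies plus the RELATED data channel. Passive-mode data goes
    #    LAN->WAN and active-mode data WAN->LAN, so no -i/-o here.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

main() {
    dry=0
    if [ "$1" = "-n" ]; then dry=1; shift; fi
    mac=$1
    lan=${2:-eth1}
    wan=${3:-eth0}
    if [ -z "$mac" ]; then
        echo "usage: $0 [-n] <mac> [lan_iface] [wan_iface]" >&2
        return 2
    fi
    if ! valid_mac "$mac"; then
        echo "error: '$mac' is not a MAC of the form xx:xx:xx:xx:xx:xx" >&2
        return 1
    fi
    ftp_rules "$mac" "$lan" "$wan" | while IFS= read -r cmd; do
        if [ "$dry" -eq 1 ]; then
            echo "$cmd"
        else
            eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
        fi
    done
}

# Only act when invoked with arguments; sourcing the file just defines
# the functions and never touches the firewall.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Two caveats a practitioner should keep in mind. First, `--mac-source` only works while the developer's machine is on the same Ethernet segment as the gateway: once a frame has crossed a router, the source MAC is the router's, not the host's. Second, a MAC address is trivially changed on the client, so this is an administrative convenience, not a security boundary; pairing it with a static address or DHCP reservation and an `-s` match narrows it slightly, but does not change that. `-m state --state` in the post above is the older spelling of `-m conntrack --ctstate` and still works on current iptables.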
Tags
firewall, iptables, mac address, port