Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 07-14-2004, 06:14 AM   #1
LQ Newbie
Registered: Jul 2004
Location: Bucharest, Romania
Posts: 1

Rep: Reputation: 0
Question linux router must grant internet acces based on MAC adresses

Hello everyones !

I must handle the following problem:

I have a medium network (>70 computers with fixed IP addresses), a cable modem internet connection and a linux router (P1/200MHz, 32MB ram, 3.2GB Hdd, cdrom, RHL 8).
Only 8 computers must use the internet connexion and the permission must be granted based on MAC address of their NICs, not by IP addresses (I have my reasons).
Can someone tell me how can I do that or point me to a site containing the adequate documentation ?

Thank You !
Old 07-14-2004, 06:56 AM   #2
Registered: Aug 2003
Distribution: Slackware, Evil Entity
Posts: 63

Rep: Reputation: 15
If you have/or dont mind installing squid proxy server on the box squid can do permistions based on mac/ip/user and pass and a few others.

You will need to do a fair bit of reading but

Also acts as a cache so things are saced for later use.
Old 07-14-2004, 07:51 AM   #3
LQ Newbie
Registered: Jul 2004
Posts: 29

Rep: Reputation: 15
I'd be interested in a pure linux routing solution without the need of squid or some other proxy service. With squid I'm only capable of limiting MAC to squid services (http, ftp and even other services) but not to base the whole routing (every ip paket on every port) on the MAC.
Old 07-14-2004, 10:55 PM   #4
Senior Member
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
This post should give you a proper direction.
Old 07-15-2004, 02:56 AM   #5
LQ Newbie
Registered: Jul 2004
Posts: 29

Rep: Reputation: 15
Exactly what I was looking for. Should have taken a deeper look on iptables -m parameter myself. Thanks for the hint!
Old 07-15-2004, 05:48 AM   #6
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
filtering on mac address isnt a good idea.
now a days mac addresses can be easily changed thats why good firewalls like Packet Filter havent any option to filter on mac address.

as ur all clients are on same lan any one can learn all macs very easily.
better to make vpn server or pppoe server for username password based authentication.
Old 07-15-2004, 05:56 AM   #7
LQ Newbie
Registered: Jul 2004
Posts: 29

Rep: Reputation: 15
Filtering on MAC isn't a good idea as long as you don't use other security options - but in addition I think this is a quite good thing to do.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
reject certain mac-adresses ekkins Linux - Networking 1 06-19-2005 06:14 PM
Internet Acces over Router CloudBuilder Fedora 4 06-13-2005 05:58 PM
Multiple MAC Adresses to one NIC? cjs500 Linux - Networking 8 04-29-2005 03:36 AM
samba acces router ruben0076 Linux - Networking 2 01-22-2005 07:14 AM
noFTP acces via Internet on Debian 3.0 box on a LAN network with Netgear rp614 router ferry Linux - Networking 2 08-16-2004 12:33 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:17 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration