Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
06-01-2006, 10:00 AM
#1
Member
Registered: Feb 2003
Posts: 159
MAC Filtering
I am trying to add MAC Filtering in our network. From what I have read, this command will allow the MAC address to get through the firewall.
$IPTABLES -A INPUT -m mac --mac-source 08:00:46:99:CB:96 -j ACCEPT
First, is this all I need? Second, will I have any problems since I am also using NAT? Thanks for the help.

06-02-2006, 06:09 AM
#2
Senior Member
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515
I think MAC addresses can be spoofed, so you should look at other security measures as well. And, in general, the more security, the better...
NAT, or Network Address Translation, does nothing more than translating IP addresses (i.e. hiding a computer's real IP address by replacing it with the NAT device's IP). Since IP addresses are located in a higher layer than the physical MAC addresses, NAT shouldn't interfere with MAC address filtering.
But try it and you will see...

06-02-2006, 03:25 PM
#3
Member
Registered: Feb 2003
Posts: 159
Original Poster
I'll be honest, I have not read about MAC spoofing. For right now, I believe it will suit my needs. I have a small network with 13 people out here in Iraq. The problem is people are letting their friends hook up their computers to internet they did not pay for. I just need something that will keep them offline. This is the simplest way that I know. I am currently running FC 5 w/ 2 NICs as a router. I have a firewall to protect us as well as bandwidthd to graph traffic. I am working on installing bandwidth quotas (rate at which people can download). The only problem I am having is I am running Firestarter (my firewall), which does not include MAC filtering. Can I flush out my iptables rules (I am currently not even using iptables) and enable it and use it to do my MAC filtering? If so, how will this need to be set up? Will this cause a problem with my firewall?

06-06-2006, 03:20 AM
#4
Senior Member
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515
Check out a tool called arpwatch.
iptables, as the name suggests, is a firewall that works on TCP/IP packets. MAC (or physical) network addresses are at a lower layer, so they shouldn't affect iptables.
I'm not using Firestarter, so I can't help you with that.
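
Added example, not part of the thread and not any poster's code: a script that prints (does not apply) iptables commands for a MAC allowlist on a router that forwards and NATs client traffic, using the `-m mac --mac-source` match from post #1. The chain name MACFILTER, the interface name eth1 and the second MAC address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables commands for a MAC allowlist
# on a NAT router. Chain name MACFILTER and interface eth1 are assumptions.

# Succeeds if $1 is six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Usage: mac_filter_rules LAN_IF MAC...
# Prints the commands on stdout. Returns 1 and prints no rules if any MAC is
# malformed or the list is empty, so a typo cannot yield a half-built filter.
mac_filter_rules() {
    lan_if=$1
    shift
    [ "$#" -gt 0 ] || { echo "empty allowlist" >&2; return 1; }
    for mac in "$@"; do
        is_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    # Dedicated chain, so the existing firewall rules are left untouched.
    echo "iptables -N MACFILTER"
    for mac in "$@"; do
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        # RETURN hands a known MAC back to the normal firewall rules.
        echo "iptables -A MACFILTER -m mac --mac-source $mac -j RETURN"
    done
    # A list of ACCEPT/RETURN rules blocks nothing by itself: unknown MACs
    # are only kept out by an explicit DROP after the list.
    echo "iptables -A MACFILTER -j DROP"
    # Routed client traffic traverses FORWARD; INPUT only sees packets
    # addressed to the router itself. Hooking only packets that arrive on the
    # LAN side leaves replies from the Internet alone. NAT rewrites IP
    # addresses later, in POSTROUTING, and does not affect the MAC match.
    # The hook is emitted last so the chain is complete before it is used.
    echo "iptables -I FORWARD 1 -i $lan_if -j MACFILTER"
}

# Constructed sample run: the first MAC is from post #1, the second is made up.
if [ "${1:-}" = "demo" ]; then
    mac_filter_rules eth1 08:00:46:99:CB:96 00:16:3e:aa:bb:cc
fi
```

The MAC match only sees the address of the last hop on the local segment, and as post #2 notes that address can be spoofed, so this keeps casual extra machines off the link rather than authenticating anyone.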

All times are GMT -5.