Old 12-11-2008, 04:00 PM   #1
Registered: Sep 2008
Location: Dominican Republic
Distribution: Debian
Posts: 188

Rep: Reputation: 18
how to block mac after routed?


I think I read something somewhere, but can't remember if it is true. Once a packet passes through a router the sender's MAC address can't be known. Is that true?

Can I do this:

internet ----- debian router/fw (box1) ------ debian router/fw 2 (box2) ----- LAN

What I would like to do is serve a to anyone on the LAN from box2, then if someone wants to go out to the internet block it based on MAC on box1. Why not block it on box2 you may ask? Well, I have a long script blocking all sorts of ports and other stuff on box2. If I insert some MAC filtering at the end or at the beginning of the script, then either the packets will not traverse through the entire script or it would allow access to the department or users I don't want to access the internet.

So, can I really block traffic based on MAC address on box1?

Thanks in advance for your help.
Old 12-11-2008, 05:09 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
Your fears are right, it's impossible. A MAC address and the internet are real odd bedfellows. If you want to block MACs then you should surely want to stop ALL access, and that'd be best served by 802.1x authentication on the local switch. Most requests for this here are about not wanting to implement user-based authentication, which is always preferable, if more complex (well.. it's possible for one!)
Old 12-11-2008, 05:14 PM   #3
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 332
If you map your MAC addresses to specific IP addresses then you can block based on IP address unless box 2 is also a NAT machine. I would expect that you would put NAT on box 1.

Even if you use DHCP for your LAN you can map any hardware address to a permanent IP address on the DHCP server. I do this all the time when I want to have a specific IP address on a machine but I also want to enjoy the auto configuring benefits of DHCP.
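
The approach from the post above (reserve an IP per MAC in DHCP, then filter by IP on box1), as an added example that is not part of the original thread. The host names, MAC addresses and 192.168.2.x addresses are constructed, and it assumes ISC dhcpd on box2 and that box2 routes without NAT.

```shell
#!/bin/sh
# Constructed reservation table, one host per line:
#   name  MAC  reserved-IP  internet-policy (allow|deny)
# All names, MACs and addresses here are made up for illustration.
RESERVATIONS='
acct-pc1   00:16:3e:00:00:01  192.168.2.10  allow
lab-pc1    00:16:3e:00:00:02  192.168.2.20  deny
lab-pc2    00:16:3e:00:00:03  192.168.2.21  deny
'

# box2 (DHCP server, still sees the real MACs): emit ISC dhcpd host
# stanzas so each MAC always receives the same IP address.
gen_dhcpd_hosts() {
    while read -r name mac ip policy; do
        [ -n "$name" ] || continue          # skip blank lines
        printf 'host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}\n' \
            "$name" "$mac" "$ip"
    done <<EOF
$RESERVATIONS
EOF
}

# box1 (internet-facing router): the original MAC is gone after box2
# routes the packet, so filter on the reserved source IP instead.
# -I puts the drop ahead of box1's existing FORWARD accept rules.
gen_box1_rules() {
    while read -r name mac ip policy; do
        [ -n "$name" ] || continue
        case "$policy" in
            deny)  printf 'iptables -I FORWARD -s %s -j DROP\n' "$ip" ;;
            allow) ;;   # left to box1's normal forwarding rules
            *)     printf 'unknown policy for %s: %s\n' "$name" "$policy" >&2
                   return 1 ;;
        esac
    done <<EOF
$RESERVATIONS
EOF
}

# Print both fragments for review; nothing is applied to the system.
gen_dhcpd_hosts
gen_box1_rules
```

The output is only text to review: the host stanzas belong in dhcpd.conf on box2 and the iptables lines in box1's firewall script.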

