Hi, I need the MAC address of the originating request of outgoing packets. I'm not sure if I'm missing something, or maybe Debian Squeeze does not have this functionality? But here is my iptables command, and I'm logging ALL NEW outgoing requests (INFO) on eth0:
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -j LOG --log-level 6
iptables -A OUTPUT -o eth0 -p udp -m state --state NEW -j LOG --log-level 6
I have this defined so I am only logging OUTgoing traffic... but I still need the source MAC from my internal network devices. So this Debian box is a router. I'm logging all outgoing traffic on eth0 (external-facing NIC); eth1 is internal to my network. I don't care about my internal traffic or traffic coming in, just the traffic going out to the internet.
Thanks!
I can grab the address, but it's my router... and using forward vs input. So here is the scenario and why I posted in security.
I have a multi-NIC Debian server at home. I am using it as a firewall and using iptables. eth0 on this server is my outside interface; eth1 is the internal network (router attached). The problem I am running into is that I'm only seeing the router MAC and the eth1/eth0 MAC. I need the originating request MAC, so my laptop/tablets/phones/desktops, etc., but those are all attached to my router, which is behind the fw. So is this possible? Should I use some packet inspection instead? I REALLY REALLY do not want to rely on snort or shorewall or some other software. Thanks!
Hi,
When you use a router between the firewall and your clients (laptop/tablets/phones/desktops), you can see just the router MAC... and this is the property of the ethernet protocol HDLC, and also the router limits the collision domain.
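An added example (not from any poster in this thread): parsing the MAC= field that the LOG target writes for packets received on an interface. The field is the received frame's Ethernet header: destination MAC, source MAC, then EtherType. The log lines, addresses and function names below are constructed for this example and assume the router forwards client IPs without NAT.

```python
import re

# Constructed sample lines in the iptables LOG format (addresses are made up).
# Lines 1-2: forwarded packets that arrived on eth1. Line 3: a locally
# generated packet, which has no received Ethernet header and no MAC= field.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=50000 DPT=443 SYN
Jan 10 12:00:02 fw kernel: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.31 DST=198.51.100.9 LEN=60 PROTO=UDP SPT=40000 DPT=53
Jan 10 12:00:03 fw kernel: IN= OUT=eth0 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=50001 DPT=80 SYN
"""

# 14 colon-separated octets: 6 destination + 6 source + 2 EtherType.
MAC_RE = re.compile(r"\bMAC=((?:[0-9a-f]{2}:){13}[0-9a-f]{2})\b", re.I)
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST)=(\S*)")


def parse_line(line):
    """Return the logged fields; MAC parts are None when no header was logged."""
    rec = dict(FIELD_RE.findall(line))
    rec["dst_mac"] = rec["src_mac"] = rec["ethertype"] = None
    m = MAC_RE.search(line)
    if m:
        octets = m.group(1).lower().split(":")
        rec["dst_mac"] = ":".join(octets[0:6])    # the firewall's receiving NIC
        rec["src_mac"] = ":".join(octets[6:12])   # the last layer-2 hop only
        rec["ethertype"] = "".join(octets[12:14])
    return rec


def hosts_per_source_mac(log_text):
    """Map each logged source MAC to the set of source IPs seen behind it."""
    seen = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["src_mac"]:
            seen.setdefault(rec["src_mac"], set()).add(rec["SRC"])
    return seen


if __name__ == "__main__":
    # One MAC with several source IPs behind it indicates a routed hop:
    # the logged source MAC is the router's interface, not the clients'.
    for mac, ips in hosts_per_source_mac(SAMPLE_LOG).items():
        print(mac, sorted(ips))
```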