Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-30-2004, 11:59 PM   #1
Registered: Jul 2004
Location: USA
Distribution: Slackware, FreeBSD, LFS
Posts: 72

Rep: Reputation: 15
Cool MAC address iptables questions

While checking out my iptables generated logs, I noticed that the mac address of
most of the entries were the same. The MAC address shown is also much longer
than a traditional MAC address. It's also impossible that all these entries were
generated from the same piece of equipment, so I'm left wondering, how did I
get this address in my logs?

Is this some kind of default entry generated by iptables? Is it the address of my ISP gateway?

I guess I'm a little foggy on how MAC works inside a packet. Does an internet
transmitted packet retain it's source MAC through it's whole journey, or is this
something that changes hop to hop?

Thanks for any clarification, or links
Old 10-01-2004, 11:34 AM   #2
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
MAC addresses are 6 octets, i.e. 48bits. They're displayed as 6 fields of 2 hex digits. These addresses are used by hardware devices to know where to send frames at the lowest network layer (link layer, AKA layer 2). Since MAC addrs are only used by hardware, the original host's MAC is not sent along the entire life of a datagram. Each hardware device that performs routing has it's own MAC, so firewalls, routers, intelligent bridges, etc all have MACs.

Is it the address of my ISP gateway?
Close, it's the MAC of the internal interface of your broadband router.
Old 10-01-2004, 01:26 PM   #3
Registered: Jul 2004
Location: USA
Distribution: Slackware, FreeBSD, LFS
Posts: 72

Original Poster
Rep: Reputation: 15
Thanks Chort


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLES rules with mac address? xpathfinder Linux - Security 3 12-11-2005 09:23 PM
Iptables/Mac address InJesus Linux - Security 3 11-17-2005 05:57 AM
blocking mac address using iptables Kendo1979 Linux - Networking 9 10-25-2004 04:09 AM
MAC Address + IPTABLES yvesg Linux - Networking 1 05-10-2004 08:36 PM
logsnorter-0.2 iptables MAC address toovato Linux - Security 9 10-30-2003 06:47 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:42 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration