* Re: Can iptables manager source mac address?
From: xchris @ 2003-04-16 10:51 UTC (permalink / raw)
  To: NetSnake, netfilter

On Saturday 19 April 2003 12:21, NetSnake wrote:
>   I use iptables to NAT to the internet, but I found some users use a proxy
> on the intranet. For example, 192.168.0.5 can access the internet and
> 192.168.0.10 cannot; now 10 accesses a proxy on 192.168.0.5, and then he
> can access it. I thought a packet from 192.168.0.5 must contain some
> information about the proxy, like the source MAC address, which can help me to
> identify users. Can iptables do this?

The source address for machine 192.168.0.10 is masqueraded!!
This is because in effect it's 192.168.0.5 that accesses the internet.
I guess there is no solution.

bye



* Can iptables manager source mac address?
From: NetSnake @ 2003-04-16 11:03 UTC (permalink / raw)
  To: netfilter

  I use iptables to NAT to the internet, but I found some users use a proxy
on the intranet. For example, 192.168.0.5 can access the internet and
192.168.0.10 cannot; now 10 accesses a proxy on 192.168.0.5, and then he
can access it. I thought a packet from 192.168.0.5 must contain some
information about the proxy, like the source MAC address, which can help me to
identify users. Can iptables do this?

  Thanks.




* Re: Can iptables manager source mac address?
From: Dharmendra.T @ 2003-04-16 11:09 UTC (permalink / raw)
  To: NetSnake; +Cc: netfilter


On Sat, 2003-04-19 at 15:51, NetSnake wrote:

      I use iptables to NAT to the internet, but I found some users use a proxy
    on the intranet. For example, 192.168.0.5 can access the internet and
    192.168.0.10 cannot; now 10 accesses a proxy on 192.168.0.5, and then he
    can access it. I thought a packet from 192.168.0.5 must contain some
    information about the proxy, like the source MAC address, which can help me to
    identify users. Can iptables do this?
    
      Thanks.
    

You can block based on the MAC address. But you should check whether
192.168.0.10 contains the same MAC address or it is getting modified in
the proxy server.
-- 
Regards
Dharmendra.T



* Re: Can iptables manager source mac address?
From: John Mathey @ 2003-04-18 17:29 UTC (permalink / raw)
  To: NetSnake, netfilter

Yes, you can use iptables to validate the MAC address. Try this:

iptables -A INPUT -m mac --mac-source 00:05:69:00:04:BA  -j ACCEPT

or

iptables -A INPUT -m mac --mac-source ! 00:05:69:00:04:BA -j DROP

You get the idea.
Hope this helps.
John


At 06:21 PM 4/19/2003 +0800, NetSnake wrote:
>   I use iptables to NAT to the internet, but I found some users use a proxy
>on the intranet. For example, 192.168.0.5 can access the internet and
>192.168.0.10 cannot; now 10 accesses a proxy on 192.168.0.5, and then he
>can access it. I thought a packet from 192.168.0.5 must contain some
>information about the proxy, like the source MAC address, which can help me to
>identify users. Can iptables do this?
>
>   Thanks.
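
An added example, not part of the thread: a dry-run shell script that prints rules pinning each allowed IP to its MAC with the `-m mac --mac-source` match from the reply above, placed in the FORWARD path because NATed LAN traffic is forwarded rather than delivered to INPUT. Requests relayed by the proxy on 192.168.0.5 still arrive with that host's own IP and MAC, so these rules cannot single out the client behind it. The allowlist entries, the interface name `eth1` and the chain name `LAN_OK` are constructed assumptions.

```shell
#!/bin/sh
# Constructed allowlist of "IP MAC" pairs (sample values for illustration).
# The last entry is deliberately malformed to show it being skipped.
ALLOWLIST='192.168.0.5 00:05:69:00:04:BA
192.168.0.7 00:05:69:00:04:BB
192.168.0.9 00:05:69:00:04'

# valid_mac MAC: succeed only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules LAN_IF: print the iptables commands (nothing is applied).
# LAN_OK is a hypothetical user-defined chain name.
gen_rules() {
    lan_if=$1
    echo "iptables -N LAN_OK"
    printf '%s\n' "$ALLOWLIST" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if ! valid_mac "$mac"; then
            echo "# skipped $ip: malformed MAC '$mac'"
            continue
        fi
        # Both the source IP and the source MAC must match to be accepted.
        echo "iptables -A LAN_OK -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    # Log then drop everything else arriving from the LAN side.
    echo "iptables -A LAN_OK -j LOG --log-prefix 'LAN_OK drop: '"
    echo "iptables -A LAN_OK -j DROP"
    # Only packets entering on the LAN interface are checked, so replies
    # coming back from the internet side are not affected.
    echo "iptables -A FORWARD -i $lan_if -j LAN_OK"
}

# Print the rules for review; eth1 is an assumed LAN interface name.
gen_rules "${1:-eth1}"
```

The LOG rule records the MAC of each dropped packet in the kernel log, which helps spot hosts that are not on the allowlist.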


