* Can iptables manager source mac address?
From: NetSnake @ 2003-04-16 11:03 UTC
To: netfilter
I use iptables to NAT to the internet, but I found that some users use a proxy
on the intranet. For example, 192.168.0.5 can access the internet and
192.168.0.10 cannot; now 10 accesses a proxy on 192.168.0.5, and then he
can access it. I thought the packets from 192.168.0.5 must contain some
information about the proxy, like the source MAC address, that can help me
identify users. Can iptables do this?
Thanks.
* Re: Can iptables manager source mac address?
From: xchris @ 2003-04-16 10:51 UTC
To: NetSnake, netfilter
On Saturday 19 April 2003 12:21, NetSnake wrote:
> I use iptables to NAT to the internet, but I found that some users use a proxy
> on the intranet. For example, 192.168.0.5 can access the internet and
> 192.168.0.10 cannot; now 10 accesses a proxy on 192.168.0.5, and then he
> can access it. I thought the packets from 192.168.0.5 must contain some
> information about the proxy, like the source MAC address, that can help me
> identify users. Can iptables do this?
The source address for machine 192.168.0.10 is masqueraded!!
This is because, in effect, it is 192.168.0.5 that accesses the internet.
I guess there is no solution.
Bye
* Re: Can iptables manager source mac address?
From: Dharmendra.T @ 2003-04-16 11:09 UTC
To: NetSnake; +Cc: netfilter
On Sat, 2003-04-19 at 15:51, NetSnake wrote:
> I use iptables to NAT to the internet, but I found that some users use a proxy
> on the intranet. For example, 192.168.0.5 can access the internet and
> 192.168.0.10 cannot; now 10 accesses a proxy on 192.168.0.5, and then he
> can access it. I thought the packets from 192.168.0.5 must contain some
> information about the proxy, like the source MAC address, that can help me
> identify users. Can iptables do this?
> Thanks.
You can block based on the MAC address. But you should check whether
192.168.0.10 keeps the same MAC address or whether it is getting modified
in the proxy server.
--
Regards
Dharmendra.T
* Re: Can iptables manager source mac address?
From: John Mathey @ 2003-04-18 17:29 UTC
To: NetSnake, netfilter
Yes, you can use iptables to validate the MAC address. Try this:
    iptables -A INPUT -m mac --mac-source 00:05:69:00:04:BA -j ACCEPT
or
    iptables -A INPUT -m mac --mac-source ! 00:05:69:00:04:BA -j DROP
You get the idea.
Hope this helps,
John
At 06:21 PM 4/19/2003 +0800, NetSnake wrote:
> I use iptables to NAT to the internet, but I found that some users use a proxy
> on the intranet. For example, 192.168.0.5 can access the internet and
> 192.168.0.10 cannot; now 10 accesses a proxy on 192.168.0.5, and then he
> can access it. I thought the packets from 192.168.0.5 must contain some
> information about the proxy, like the source MAC address, that can help me
> identify users. Can iptables do this?
>
> Thanks.
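
An added example, not part of the thread or anyone's posted rules: a shell function that turns an IP/MAC allowlist into rules for the FORWARD chain, which is the chain NATed client traffic traverses on the gateway, whereas INPUT only covers traffic addressed to the gateway itself. The interface name `eth1`, the second allowlist entry and the pairing of 192.168.0.5 with the sample MAC are constructed assumptions; the rules are printed for review, not applied.

```shell
#!/bin/sh
# Added example: print iptables rules that tie each allowed LAN IP to one MAC.
# LAN_IF and the allowlist are constructed values, not taken from the thread.
LAN_IF="eth1"

# Constructed allowlist, one "<ip> <mac>" pair per line. The first MAC reuses
# the sample address from the rule quoted in the thread.
ALLOWLIST='192.168.0.5 00:05:69:00:04:BA
192.168.0.7 00:05:69:00:04:BB'

# Succeeds if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds if $1 has dotted-quad shape (shape check only, no range check).
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read "<ip> <mac>" lines on stdin and print the rule set on stdout.
# Any malformed line aborts with status 1 before anything is printed, so a
# typo cannot yield a partial rule set.
# The mac match is valid only in PREROUTING, FORWARD and INPUT, and it sees
# only the Ethernet sender on the local segment: a client relayed through a
# proxy on an allowed host shows up with that host's IP and MAC.
gen_rules() {
    rules=""
    while read -r ip mac; do
        [ -z "$ip" ] && continue
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "bad allowlist entry: $ip $mac" >&2
            return 1
        fi
        rules="${rules}iptables -A FORWARD -i $LAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT
"
    done
    printf '%s' "$rules"
    # Default for everything else arriving from the LAN side: drop.
    echo "iptables -A FORWARD -i $LAN_IF -j DROP"
}

# Print the rules for review; nothing is applied to the running firewall.
printf '%s\n' "$ALLOWLIST" | gen_rules
```
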