Re: IP + MAC filter - wireless client

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: IP + MAC filter -  wireless client
Date: Thu, 05 May 2005 11:24:50 -0500	[thread overview]
Message-ID: <427A48D2.6070202@riverviewtech.net> (raw)
In-Reply-To: <d2c267d2bde2.d2bde2d2c267@vsnl.net>

> We have an AP that transmits via a omni antenna.
> 
> On the client side we have AP in client mode.
> 
> What I see that in these wireless devices we have 
> atleast two MAC address : 
> 
> 1. The lan MAC address.
> 2. The wireless MAC address.

I suppose this is normal.

> So for every client we have :
> 
> 1. The lan MAC address.
> 2. The wireless MAC address.
> 3. The ethernet MAC address.

This is contrary to everything that I know of when you are talking about Ethernet Layer 2 (802.2 Link Level Control) networking standard with hubs and switching.  If this is indeed the case I'm not sure why this is the case.

> In wireless networing when we did mac filtering
> we had to enter all three for the client to gain
> access.

What filtering were you doing?  Was it the allowed source and / or destination MAC addresses in your wireless devices?  If so you may have had to do this for the AP transceiver to allow the traffic to flow through correctly, but this does not seem like an Ethernet Layer 2 (802.2 Link Level Control) network issue but more one of wireless. 802.2 LLC specifically allows for one source and one destination MAC address in the frame.  I say 802.2 LLC because ethernet, fiber, wireless are all starting to use / have been using 802.2 LLC frames for a long time now.  This is really what is making ""ethernet so compatible with other equipment / technologies.

Have you tried to set up any iptables rules rules to match just the client MAC (and IP)?  Do you see any packets passing through that rule?

> Based on that I was wondering how would you one handle 
> these wireless clients using iptables.
> 
> Thanks

No problem.

next      parent reply	other threads:[~2005-05-05 16:24 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <d2c267d2bde2.d2bde2d2c267@vsnl.net>
2005-05-05 16:24 ` Taylor, Grant [this message]
2005-05-05  5:58 IP + MAC filter - wireless client varun_saa
2005-05-05  8:10 ` Taylor, Grant

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=427A48D2.6070202@riverviewtech.net \
    --to=gtaylor@riverviewtech.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox