Filtering by Mac Address

Filtering by Mac Address

[Cupertino Miranda]

Hello everyone,

For one of my current hackings I need to construct the following  
network rules.

I need to disable internet access to all the local network hosts by  
redirecting them the my webserver (allowing to show some web page in  
case of http connection).
Enable internet access by mac address to some of this hosts.

I have currently general NAT rules in gateway machine.

Can someone provide me some details how can I do it.

Thanks a lot

Re: Filtering by Mac Address

[Antonio Augusto (Mancha)]

You probably can use the mac target, passing a --mac-source option to
filter the macs you want to have access to the net.
All other connections should be treated by another rule that will do
some NATing to redirect all the traffic to your web server.
The second part of the solution probably was already discussed
hundreds of times here already, and there are a lot of very good
tutorial on the net on how to to this.

Cheers,
KM

On Wed, Feb 13, 2008 at 2:54 PM, Cupertino Miranda <philfine@gmail.com> wrote:
> Hello everyone,
>
>  For one of my current hackings I need to construct the following
>  network rules.
>
>  I need to disable internet access to all the local network hosts by
>  redirecting them the my webserver (allowing to show some web page in
>  case of http connection).
>  Enable internet access by mac address to some of this hosts.
>
>  I have currently general NAT rules in gateway machine.
>
>  Can someone provide me some details how can I do it.
>
>  Thanks a lot
>  -
>  To unsubscribe from this list: send the line "unsubscribe netfilter" in
>  the body of a message to majordomo@vger.kernel.org
>  More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



-- 
Informação & Segurança - Informações para sua segurança na rede.
http://info-seg.blogspot.com

Re: Filtering by Mac Address

[Jon Wilson]

Cupertino Miranda wrote:
> Hello everyone,
> 
> For one of my current hackings I need to construct the following network 
> rules.
> 
> I need to disable internet access to all the local network hosts by 
> redirecting them the my webserver (allowing to show some web page in 
> case of http connection).
> Enable internet access by mac address to some of this hosts.
> 
> I have currently general NAT rules in gateway machine.
> 
> Can someone provide me some details how can I do it.
> 
> Thanks a lot
> -
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
this is the shell script I wrote for wireless user authentication.

uses prerouting default drop policy to limit to dns and redirect 
http/https traffic.  apache instance redirects everything coming in to 
auth page, can run the shell script

firewall.sh add 00:01:02:03:04:05

to add the mac to allowed range.

should give you what you need.

http://erentil.net/wiki/iptables/auth/

-- 
Jon Wilson