weirdness with iptables

From: Wayne Pinette (Wpinette_at_tru.ca)
Date: 08/22/05

  • Next message: Andy Allen: "Re: Mounting NFS on RedHat 9"
    Date: Mon, 22 Aug 2005 09:18:32 -0700
    To: <redhat-list@redhat.com>
    
    

    OK, I have a rule in my iptables which is basically this:

    -A -m mac --mac-source <macaddress A> -j ACCEPT
    -A -j REJECT

    The idea being that if I come in from a machine with MAC address A it will
    accept it. Well, this does not work.
    Everything is rejected, so I added this:

    -A -m mac --mac-source <macaddress A> -j LOG
    -A -m mac --mac-source <macaddress A> -j ACCEPT
    -A -j REJECT

    and tried to ssh into the box. Nothing showed up in the log files. So
    then I did this:

    -A -m mac --mac-source ! <macaddress A> -j LOG
    -A -m mac --mac-source <macaddress A> -j ACCEPT
    -A -j REJECT

    and sure enough I get stuff in the log file, but what I get is :

    <machine name> kernel: IN=eth0 OUT= MAC=<macaddress of server>:<a bunch
    more hex numbers> SRC=<ip number of client machine> DST=<ip number of
    this machine> ...... etc

    So my question is, why is the source MAC address not working, and more
    importantly, any ideas as to why the source MAC address seems to always
    be based off the MAC address of my actual server, not the client
    connecting? Or do I have the mac-source element of iptables completely
    wrong?

    Wayner

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
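The MAC= field written by the iptables LOG target is the raw 14-byte Ethernet header of the frame, printed as colon-separated hex: the first six bytes are the destination MAC (the NIC the packet arrived on, so the server's own address), the next six are the source MAC (the client, or the last-hop router if the packet was routed), and the last two are the ethertype. That is why the server's address appears first; the client's address is in the "bunch more hex numbers" that follow. Note also that `-m mac --mac-source` only compares against that frame-level source MAC, so it can only ever match a host on the same Ethernet segment and only in the PREROUTING, INPUT or FORWARD chains. The following script is an added example, not code from the post or from iptables; it parses constructed LOG lines (made-up addresses), splits the MAC= field into its three parts, and reports which lines a `--mac-source` rule for a given address would actually match, so you can check a rule against the log before deploying it.

```python
"""Decode the MAC= field of iptables LOG lines and check a --mac-source rule against them.

Added example for the thread above; the log lines below are constructed, not real captures.
"""
import re

# Constructed sample lines in the format the iptables LOG target emits (addresses are made up).
SAMPLE_LOG_LINES = [
    "Aug 22 09:10:11 host kernel: IN=eth0 OUT= "
    "MAC=00:0c:29:aa:bb:cc:00:16:3e:11:22:33:08:00 "
    "SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF "
    "PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Aug 22 09:10:12 host kernel: IN=eth0 OUT= "
    "MAC=00:0c:29:aa:bb:cc:00:25:90:44:55:66:08:00 "
    "SRC=192.0.2.20 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF "
    "PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
]

# KEY=value tokens as printed by the LOG target (OUT= with an empty value is allowed).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def split_mac_field(mac_field):
    """Split the 14-byte MAC= value into (dst_mac, src_mac, ethertype).

    Layout is the Ethernet header as it sits on the wire: destination address,
    source address, then the two-byte ethertype (0x0800 for IPv4).
    """
    octets = mac_field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("MAC= field must contain 14 hex octets, got %d" % len(octets))
    dst_mac = ":".join(octets[0:6])
    src_mac = ":".join(octets[6:12])
    ethertype = int("".join(octets[12:14]), 16)
    return dst_mac, src_mac, ethertype


def parse_log_line(line):
    """Return a dict with the interesting fields of one iptables LOG line.

    The MAC= field is decoded into dst_mac (the receiving NIC, i.e. the server),
    src_mac (what `-m mac --mac-source` compares against) and ethertype.
    """
    fields = dict(FIELD_RE.findall(line))
    if "MAC" not in fields:
        raise ValueError("no MAC= field (packet did not arrive on an Ethernet interface?)")
    dst_mac, src_mac, ethertype = split_mac_field(fields["MAC"])
    return {
        "in_iface": fields.get("IN", ""),
        "dst_mac": dst_mac,
        "src_mac": src_mac,
        "ethertype": ethertype,
        "src_ip": fields.get("SRC", ""),
        "dst_ip": fields.get("DST", ""),
    }


def mac_source_would_match(line, rule_mac):
    """True if `-m mac --mac-source rule_mac` would match the frame this line logged.

    Comparison is case-insensitive, as the kernel compares raw bytes, not text.
    """
    return parse_log_line(line)["src_mac"] == rule_mac.lower()


def accepted_sources(lines, rule_mac):
    """Source IPs of the logged packets an ACCEPT rule on `rule_mac` would let through."""
    return [parse_log_line(l)["src_ip"] for l in lines if mac_source_would_match(l, rule_mac)]


if __name__ == "__main__":
    # Assumed allowed client MAC; in the post this is "<macaddress A>".
    allowed = "00:16:3e:11:22:33"
    for entry in SAMPLE_LOG_LINES:
        info = parse_log_line(entry)
        print("server NIC=%s client=%s ethertype=0x%04x src=%s match=%s"
              % (info["dst_mac"], info["src_mac"], info["ethertype"],
                 info["src_ip"], mac_source_would_match(entry, allowed)))
    print("would be accepted:", accepted_sources(SAMPLE_LOG_LINES, allowed))
```

Run it with a real log line in place of the constructed ones and compare `src_mac` with the address you put in `--mac-source`; if the logged source MAC is your router's rather than the client's, the client is not on the local segment and a MAC-based rule cannot identify it.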
    

