Configure iptables to allow a list of MAC addresses


 
# 1  
Old 05-31-2011

Hi all,

I want to make this nw diagram:

Small NW ---(eth1)-- Linux iptables --(eth0)---LAN NW


And with these requirements:

1. Allow only 1 MAC address aa-aa-aa-aa-aa-aa from Small NW to LAN NW

2. Allow list of MAC addresses from LAN NW access to Small NW

What will I need to do?
Thanks for your support in advance.
# 2  
Old 05-31-2011
I suppose you could ping each subnet's broadcast, collect IPs, ping each and then dump the arp cache for MACs.
# 3  
Old 06-03-2011
Use this, assuming you don't have any other iptables configuration:
Code:
iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source aa:aa:aa:aa:aa:aa -j ACCEPT

For the list of MAC addresses, assuming these are stored in a file line by line (mac_addresses_file), you can use:
Code:
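# Read one MAC address per line; quote it so a stray space or glob character is not expanded by the shell
while read -r MAC; do
  iptables -A FORWARD -i eth0 -o eth1 -m mac --mac-source "$MAC" -j ACCEPT
done < mac_addresses_file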

And then drop the rest of the traffic (if this is what you want):
Code:
iptables -P FORWARD DROP

The lines above will allow the host with MAC aa:aa:aa:aa:aa:aa from Small NW to communicate with the hosts with the MAC addresses from the file from LAN NW and the other way around.

If you want more details, you should give more information regarding the services that the users can access and about the entire network topology.
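
The allowlist loop from the reply above, as an added example that is not part of the original post: it validates each line of the file before emitting a rule, accepts the hyphen notation used in the question, and skips comments, duplicates and malformed entries. The sample file contents and the function names `normalize_mac` and `emit_rules` are assumptions; rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: turn a MAC allowlist file into iptables FORWARD rules.
# Rules are printed, not applied, so the output can be reviewed first.

# Lower-case the entry, map aa-bb-... to aa:bb:..., and print it only if it
# is exactly six hex octets. Returns 1 for anything else.
normalize_mac() {
  mac=$(printf '%s' "$1" | tr 'ABCDEF-' 'abcdef:')
  printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
  printf '%s\n' "$mac"
}

# $1 = allowlist file, $2 = inbound interface, $3 = outbound interface
emit_rules() {
  while IFS= read -r line || [ -n "$line" ]; do
    # Drop trailing comments and whitespace; skip empty lines.
    entry=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r')
    [ -z "$entry" ] && continue
    if mac=$(normalize_mac "$entry"); then
      printf 'iptables -A FORWARD -i %s -o %s -m mac --mac-source %s -j ACCEPT\n' \
        "$2" "$3" "$mac"
    else
      printf 'skipping invalid entry: %s\n' "$entry" >&2
    fi
  done < "$1" | awk '!seen[$0]++'   # keep the first copy of each rule
}

# Constructed sample allowlist (not from the thread).
list=$(mktemp)
cat > "$list" <<'EOF'
# LAN hosts allowed to reach Small NW
00:11:22:33:44:55
00-11-22-AA-BB-CC   # hyphen notation
00:11:22:33:44:55
00:11:22:33:44
EOF

echo 'iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source aa:aa:aa:aa:aa:aa -j ACCEPT'
emit_rules "$list" eth0 eth1
echo 'iptables -P FORWARD DROP'
rm -f "$list"
```

The `mac` match compares only the source MAC of the frame as it arrives on the interface, so it identifies directly attached hosts and not anything behind another router.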