dashang n00b
Joined: 22 Jul 2011 Posts: 40
Posted: Thu Feb 23, 2012 10:07 am Post subject: ipset ( mac address match in postrouting )
I want to allow MAC-address-based authentication without an IP address.
For that, the source MAC address is matched in PREROUTING.
ipset create macbasedusers bitmap:ip,mac range 10.104.1.0/24
ipset add macbasedusers 10.104.1.122,00:19:b9:76:b9:b8
(Currently I have added the IP manually for testing.)
iptables -t mangle -I PREROUTING -m set --match-set macbasedusers src,src -j ACCEPT
Now in POSTROUTING this condition is not matched for the destination, because there is no MAC address match in POSTROUTING; it works on the IP layer.
But my requirement is to allow flows based only on MAC address. I want to create a system in which only MAC-based authentication is there.
So how do I match the MAC address in POSTROUTING?
truc Advocate
Joined: 25 Jul 2005 Posts: 3199
Posted: Wed Feb 29, 2012 10:22 am
You could probably MARK the packet in PREROUTING and do what you need to do in the POSTROUTING nat chain based on that MARK?
As a side note: MAC addresses are easy to spoof; make sure this is the level of "security" that you want.
_________________
The End of the Internet!
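
Added example, not part of the thread and not either poster's code: one way to carry the PREROUTING ip,mac match forward as a mark that POSTROUTING can test, written as a shell function that prints an iptables-restore ruleset. The set name is the one from the question; the mark value 0x1, the use of CONNMARK for reply packets, the mangle POSTROUTING chain and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset that
# turns the PREROUTING ip,mac set match into a mark POSTROUTING can test.
# The set name is the one from the question; the mark value 0x1, the use of
# CONNMARK for replies and the function name are assumptions.

gen_mac_mark_rules() {
    set_name=$1
    mark=$2
    hex=${mark#0x}

    # Validate both values before they are interpolated into the ruleset.
    case $set_name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid set name" >&2; return 1 ;;
    esac
    case $hex in
        ''|*[!0-9a-fA-F]*) echo "invalid mark" >&2; return 1 ;;
    esac
    # Require the 0x prefix and a non-zero value (mark 0 means "unmarked").
    if [ "$hex" = "$mark" ] || [ "$((0x$hex))" -eq 0 ]; then
        echo "invalid mark" >&2; return 1
    fi

    cat <<EOF
*mangle
# Replies towards the client carry no client MAC as source, so they inherit
# the mark saved on the connection. Original-direction packets are excluded
# here and must pass the ip,mac match below on every packet.
-A PREROUTING -m conntrack --ctdir REPLY -j CONNMARK --restore-mark
# The source MAC is only available on ingress: match it here and mark.
-A PREROUTING -m set --match-set $set_name src,src -j MARK --set-mark $mark
-A PREROUTING -m mark --mark $mark -j CONNMARK --save-mark
# POSTROUTING has no MAC to look at; it tests the mark instead.
-A POSTROUTING -m mark --mark $mark -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the set from the question. To load it, pipe the
# output into: iptables-restore --noflush
gen_mac_mark_rules macbasedusers 0x1
```

The mark only records that the ingress packet matched an ip,mac pair in the set, so it is exactly as strong as that match; connections opened from outside towards a client are not marked in their original direction.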