[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: iptables mac address filtering



On Sat, 2006-09-23 at 22:13, Negative wrote:
> This may be a dumb question but is it possible to use an iptables rule
> for mac address filtering to allow vnc access  from a particular
> machine to one in the office when I'm traveling. That means I'll be
> using various kinds of internet access that I cannot know in advance
> (dhcp ip's, etc.)  I tried  using the client laptop's macaddress  like
> this: 
> 
> I tried iptables -I INPUT 9 -m mac --mac-source macaddr -m state
> --state NEW  -p tcp --dport 5901:5906 -j ACCEPT
> 
> But it appears that the server is getting a mac address from my ISP
> rathere than the originating machine or even my dsl router. If I
> remove the mac match,  I connect just fine. And if I use a machine on
> the same network, I can use the rule above. 

The M in MAC stands for media, with the point being that
it only lives on that particular media - in this case the
local ethernet subnet.  When a packet is forwarded through
a router the ethernet frame is replaced by each new
sending interface.

-- 
  Les Mikesell
    lesmikesell gmail com



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]