[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: iptables mac address filtering

From: Les Mikesell <lesmikesell gmail com>
To: For users of Fedora Core releases <fedora-list redhat com>
Subject: Re: iptables mac address filtering
Date: Sat, 23 Sep 2006 22:43:03 -0500

On Sat, 2006-09-23 at 22:13, Negative wrote:
> This may be a dumb question but is it possible to use an iptables rule
> for mac address filtering to allow vnc access  from a particular
> machine to one in the office when I'm traveling. That means I'll be
> using various kinds of internet access that I cannot know in advance
> (dhcp ip's, etc.)  I tried  using the client laptop's macaddress  like
> this: 
> 
> I tried iptables -I INPUT 9 -m mac --mac-source macaddr -m state
> --state NEW  -p tcp --dport 5901:5906 -j ACCEPT
> 
> But it appears that the server is getting a mac address from my ISP
> rathere than the originating machine or even my dsl router. If I
> remove the mac match,  I connect just fine. And if I use a machine on
> the same network, I can use the rule above. 

The M in MAC stands for media, with the point being that
it only lives on that particular media - in this case the
local ethernet subnet.  When a packet is forwarded through
a router the ethernet frame is replaced by each new
sending interface.

-- 
  Les Mikesell
    lesmikesell gmail com

References:
- iptables mac address filtering
  - From: Negative

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]