On Tuesday 04 September 2007 11:17, Andrea wrote: > hi all, this is my first message in ml. > > I'm trying to implement a wireless access point using me2000 (busybox > based) over a Wrap routerboard. > > A thing I'm not able to implement is a MAC address filtering feature > like some access point (DLink, for example)does. > > I've tried to use ipfilter mac address filtering (using something like > described here: > http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html ), but > I'm not satisfied of the result: traffic is not permitted, but the > client is connected to the wireless network.
No surprise. You blocked it at "ethernet" level so to speak, but wireless isn't ethernet in fact, although most OSes try to make it look like it is. Wireless protocols (802.11a,b,g,...) actually are far more complex than ethernet. Packets have three or four MACs, not two, they are bigger than ethernet ones but can be split in-flight. Each node can be in different mode. Protocols define: "ad-hoc" mode when members of "cell" constantly emin beacon frames "hey, and btw I'm in cell MYCELL", "infrastructure" (managed, AP client etc) mode when there is an "access point", a master of sorts, and all other cell members are registering themself at. Only AP emits beacons. "master" mode - when you are the AP. and if it's not enough, there is a WDS mode, sort of inter-cell links. IOW, total chaos. Protocol developers should be shot. IIUC you basically want to block clients from coonecting to the AP. First, you should find out what is the current state of affairs in Linux's wireless support (it used to be a mess, maybe it still is). You should learn what is the standard way to ask your wireless device (which is in master mode) to not accept clients with these MACs. If there is no standard way to do it (remeber "Linux's wireless is a mess" part?), the drivers for your device may still support it via driver-specific ioctl/whatever, so go read doc for your particular device and driver. If you will give more details about your wireless card, kernel version and driver you use, maybe someone will be able to help more. -- vda _______________________________________________ busybox mailing list [email protected] http://busybox.net/cgi-bin/mailman/listinfo/busybox
