Fri, 2002-04-19 at 15:18, Lepage Sylvain wrote:

One by one:
> --1-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m
> state --state NEW -j LOG --log-prefix "WithoutMAC"
> --2-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m
> state --state NEW -m mac --mac-source CL:IE:NT:00:00:00 -j LOG --log-prefix
> "WithMAC"

1: You don't need --sport, in as much as NP ports are presupposed. You've already qualified the client with a MAC address;

2: You only allow NEW connections (syn syn/ack), not NEW,ESTABLISHED;

> --3-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m
> state --state NEW -m mac --mac-source CL:IE:NT:00:00:00 -j ACCEPT
> When I try to telnet I obtain only the log below:
>
> "WithoutMAC" IN=eth2 OUT= MAC=SE:RV:ER:00:00:00:CL:IE:NT:00:00:00:08:00
> SRC=10.0.0.12 DST=10.0.0.14 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=27649 DF
> PROTO=TCP SPT=3224 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0

3: This does not look like "cut 'n paste" (obviously it isn't, but it's badly copied). The log prefix wouldn't have quotes, the client mac number is 8 octets, server and client mac are concatenated, why would it give the server mac, etc. etc. Please do it over again.

Best,

Tony

--
Tony Earnshaw
e-mail: [EMAIL PROTECTED]
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor
Telephone: (+31) (0)172 530428
Mobile: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981 3BE7B981
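An added example, not part of the original message or of netfilter's own code: the iptables LOG target prints the packet's link-layer header in `MAC=`, which for a frame received on Ethernet is 14 bytes in the order destination address, source address, EtherType. The Python below splits a constructed line in the shape of the one quoted above; the function names and the sample MAC values are assumptions made for the illustration.

```python
import re

# Constructed sample in the shape of the quoted log line. The MAC values are
# made up, because the thread's placeholders (SE:RV:ER..., CL:IE:NT...) are
# not valid hex.
SAMPLE = ("WithoutMAC IN=eth2 OUT= "
          "MAC=00:50:56:aa:bb:01:00:50:56:cc:dd:02:08:00 "
          "SRC=10.0.0.12 DST=10.0.0.14 LEN=48 TOS=0x00 PREC=0x00 TTL=128 "
          "ID=27649 DF PROTO=TCP SPT=3224 DPT=23 WINDOW=16384 RES=0x00 "
          "SYN URGP=0")

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF", "MF", "CWR", "ECE"}


def split_mac_field(value):
    """Split a MAC= value (raw 14-byte Ethernet header) into its parts."""
    octets = value.lower().split(":")
    if len(octets) != 14 or not all(
            re.fullmatch(r"[0-9a-f]{2}", o) for o in octets):
        raise ValueError("not a 14-byte Ethernet header: %r" % value)
    ethertype = int(octets[12] + octets[13], 16)
    return {
        "dst_mac": ":".join(octets[0:6]),   # address of the receiving NIC
        "src_mac": ":".join(octets[6:12]),  # what --mac-source is compared to
        "ethertype": ETHERTYPES.get(ethertype, hex(ethertype)),
    }


def parse_log_line(line):
    """Return (prefix, fields, flags) for one LOG line."""
    start = line.find("IN=")
    if start < 0:
        raise ValueError("no IN= field, not a LOG target line")
    prefix = line[:start].strip()           # text set with --log-prefix
    fields, flags = {}, set()
    for token in line[start:].split():
        if "=" in token:
            key, _, val = token.partition("=")
            fields[key] = val
        elif token in FLAGS:
            flags.add(token)
    if fields.get("MAC"):                   # empty for locally generated packets
        fields["MAC"] = split_mac_field(fields["MAC"])
    return prefix, fields, flags


if __name__ == "__main__":
    print(parse_log_line(SAMPLE))
```

Comparing `src_mac` from a "WithoutMAC" line with the address given to `--mac-source` shows whether the rule with the MAC match could have matched that packet.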
