-----Original Message-----
From: Lepage Sylvain [mailto:[EMAIL PROTECTED]]
Sent: Friday 19 April 2002 16:57
To: 'Tony Earnshaw'
Cc: [EMAIL PROTECTED]
Subject: RE: mac match question
> -----Original Message-----
> From: Tony Earnshaw [mailto:[EMAIL PROTECTED]]
> Sent: Friday 19 April 2002 16:17
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: mac match question
>
>
> Fri, 2002-04-19 at 15:18, Lepage Sylvain wrote:
>
> One by one:
>
> > --1-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m state --state NEW -j LOG --log-prefix "WithoutMAC"
>
> > --2-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m state --state NEW -m mac --mac-source CL:IE:NT:00:00:00 -j LOG --log-prefix "WithMAC"
>
> 1: You don't need --sport, inasmuch as NP ports are presupposed.
> You've already qualified the client with a MAC address;
>
OK, but it doesn't hurt.
> 2: You only allow NEW connections (syn syn/ack), not NEW,ESTABLISHED;
>
I have a rule at the beginning of my script that allows all the
ESTABLISHED,RELATED connections.
> > --3-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m state --state NEW -m mac --mac-source CL:IE:NT:00:00:00 -j ACCEPT
>
> > When I try to telnet I obtain only the log below:
> >
> > "WithoutMAC" IN=eth2 OUT= MAC=SE:RV:ER:00:00:00:CL:IE:NT:00:00:00:08:00 SRC=10.0.0.12 DST=10.0.0.14 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=27649 DF PROTO=TCP SPT=3224 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
>
> 3: This does not look like "cut 'n paste" (obviously it isn't, but it's
> badly copied). The log prefix wouldn't have quotes, the client mac
> number is 8 octets, server and client mac are concatenated, why would it
> give the server mac, etc. etc. Please do it over again.
>
Below I have "cut 'n pasted" the log.
00:23:45:67:89:ab is the server MAC address (checked with the ifconfig
output).
00:50:bf:52:b3:ac is the client MAC address (checked with ipconfig /all
on Windows).

"WithoutMAC"IN=eth2 OUT= MAC=00:23:45:67:89:ab:00:50:bf:52:b3:ac:08:00 SRC=10.0.0.12 DST=10.0.0.14 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=36407 DF PROTO=TCP SPT=1426 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0

I used --log-prefix "WithoutMAC".
The concatenated MAC field seems to be the Ethernet transmission layer (see
http://www.faqs.org/rfcs/rfc826.html):
48.bit: Ethernet address of destination
48.bit: Ethernet address of sender
16.bit: Protocol type = ether_type$ADDRESS_RESOLUTION
Thank you anyway.
> Best,
>
> Tony
>
>
> --
>
> Tony Earnshaw
>
> e-mail: [EMAIL PROTECTED]
> www: http://www.billy.demon.nl
> gpg public key: http://www.billy.demon.nl/tonni.armor
>
> Phone: (+31) (0)172 530428
> Mobile: (+31) (0)6 51153356
>
> GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
> 3BE7B981
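As an added illustration, not code from this thread or from the netfilter project: a small Python parser for iptables LOG lines that splits the MAC= field the way the Ethernet header quoted above from RFC 826 lays it out (destination address, source address, protocol type) and reports which --mac-source value would match the frame, since `-m mac` compares only the source half. The sample line is the one Sylvain posted; the ETHERTYPES table and every function name are my own choices, and the case-insensitive comparison assumes, as iptables does, that the rule text is parsed to raw bytes.

```python
import re
from dataclasses import dataclass
from typing import Dict

# Constructed sample input: the LOG line posted in the thread, reproduced here
# verbatim so the parser can run offline.
SAMPLE_LOG = (
    '"WithoutMAC"IN=eth2 OUT= MAC=00:23:45:67:89:ab:00:50:bf:52:b3:ac:08:00 '
    'SRC=10.0.0.12 DST=10.0.0.14 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=36407 DF '
    'PROTO=TCP SPT=1426 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0'
)

# Standard EtherType values; only the few worth naming for this purpose.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

_HEX_OCTET = re.compile(r"^[0-9a-f]{2}$")


@dataclass(frozen=True)
class EtherHeader:
    """The 14-byte Ethernet header that the iptables LOG target prints as MAC=..."""
    dst: str        # 48-bit destination address (normally the receiving interface)
    src: str        # 48-bit source address (what -m mac --mac-source compares against)
    ethertype: int  # 16-bit protocol type, 0x0800 for IPv4


def normalize_mac(mac: str) -> str:
    """Canonicalise a 6-octet MAC so 00:50:BF:.. and 00:50:bf:.. compare equal."""
    octets = mac.strip().lower().split(":")
    if len(octets) != 6 or not all(_HEX_OCTET.match(o) for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(octets)


def parse_mac_field(field: str) -> EtherHeader:
    """Split the 14 colon-separated octets of MAC= into dst(6) : src(6) : ethertype(2)."""
    octets = field.strip().lower().split(":")
    if len(octets) != 14 or not all(_HEX_OCTET.match(o) for o in octets):
        raise ValueError(f"MAC= field is not 14 hex octets: {field!r}")
    return EtherHeader(
        dst=":".join(octets[0:6]),
        src=":".join(octets[6:12]),
        ethertype=int(octets[12] + octets[13], 16),
    )


def parse_log_line(line: str) -> Dict[str, str]:
    """Return the KEY=VALUE fields of a LOG line as a dict.

    Bare flags such as DF and SYN carry no '=' and are not included; OUT= with no
    value yields an empty string, as it does for packets delivered locally.
    """
    return dict(re.findall(r"(\w+)=(\S*)", line))


def summarize(line: str) -> Dict[str, object]:
    """Decode what an admin needs when checking a -m mac rule against a log hit."""
    fields = parse_log_line(line)
    eth = parse_mac_field(fields["MAC"])
    return {
        "in_iface": fields.get("IN", ""),
        "src_ip": fields.get("SRC"),
        "dst_ip": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
        "dst_mac": eth.dst,
        "src_mac": eth.src,
        "ethertype": ETHERTYPES.get(eth.ethertype, hex(eth.ethertype)),
    }


def mac_source_would_match(line: str, rule_mac_source: str) -> bool:
    """True if '-m mac --mac-source <rule_mac_source>' would match this frame.

    The match looks at the *source* address of the Ethernet header, i.e. the
    second six octets of MAC=; the first six are the destination (server) side.
    """
    eth = parse_mac_field(parse_log_line(line)["MAC"])
    return eth.src == normalize_mac(rule_mac_source)


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key:10} {value}")
    for candidate in ("00:50:BF:52:B3:AC", "00:23:45:67:89:ab"):
        print(f"--mac-source {candidate}: {mac_source_would_match(SAMPLE_LOG, candidate)}")
```

Run against the posted line, the script reports dst_mac 00:23:45:67:89:ab (the server), src_mac 00:50:bf:52:b3:ac (the client) and EtherType IPv4, and shows that only the client address, in either case, satisfies the --mac-source comparison; feeding it the server address or a 6-octet value where 14 are expected fails loudly rather than silently matching nothing.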