> 
> On Monday 20 May 2002 1:03 pm, Eduardo GARCIA wrote:
> 
> > For example my network is 1.2.3.0 and I want that a host with an IP address
> > 10.9.8.7 can navigate. First of all, the host will send arp request to find
> > the MAC of its DNS server (I'll have to redirect it to my DNS), then it
> > will look for its default gateway, etc (I can't work with mobile IP nor
> > change any host configuration).
> >
> > Not any host is allowed to do this, only hosts with known MACs.
> 
> Sounds like you want BOOTP / DHCP ?
> 
> I don't quite see where IPtables comes into this.... ?

Me neither, what are you aiming at, security tied down to the
mac address?  This value can be spoofed just as any other
part and is subject to a big-time man in the middle attack,
so I don't think it buys you anything.  Otherwise, I don't see
how it is useful since for the MAC address to have
any meaning, it's gotta be a neighbor w.r.t. OSI layer 1
(I think it's layer 1 anyhoo).

In any case, there is in fact a mac iptables target:

  mac
       --mac-source [!] address
              Match source MAC address.  It must be of the form
              XX:XX:XX:XX:XX:XX.  Note that this only makes sense for
              packets entering the PREROUTING, FORWARD or INPUT chains
              for packets coming from an ethernet device.

Which can be the predicate for some applicable rule.

On the other hand, maybe you want to assign some arbitrary 
IP addresses based on the mac?  This is probably possible
by manipulating it in the mangle table.

Probably need some more info here.

-Jeff
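
As an added example (not part of the original message), this shell script turns a list of known MACs into FORWARD-chain rules using the `--mac-source` match quoted above, checking each entry against the XX:XX:XX:XX:XX:XX form first. The interface name `eth1`, the sample addresses and the function names are assumptions; the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example: build iptables rules that forward traffic only from an
# allowlist of source MAC addresses. Rules are printed, not applied.

# Constructed sample allowlist (hypothetical addresses); '#' starts a comment.
SAMPLE_ALLOWLIST='00:11:22:33:44:55   # laptop
AA:bb:CC:dd:EE:ff
00:11:22:33:44       # too short, must be rejected
00-11-22-33-44-66    # wrong separator, must be rejected'

# is_mac ADDR: succeed only for the XX:XX:XX:XX:XX:XX form the match expects.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_mac_rules IFACE: read an allowlist on stdin, print one ACCEPT rule per
# valid MAC on the FORWARD chain, then a final DROP for everything else
# arriving on IFACE. Invalid entries are reported on stderr and skipped.
gen_mac_rules() {
    iface=$1
    while IFS= read -r line || [ -n "$line" ]; do
        mac=${line%%#*}                      # strip trailing comment
        mac=$(printf '%s' "$mac" | tr -d ' \t' | tr 'a-f' 'A-F')
        if [ -z "$mac" ]; then
            continue                         # blank or comment-only line
        fi
        if is_mac "$mac"; then
            printf 'iptables -A FORWARD -i %s -m mac --mac-source %s -j ACCEPT\n' \
                "$iface" "$mac"
        else
            printf 'skipping invalid MAC: %s\n' "$mac" >&2
        fi
    done
    printf 'iptables -A FORWARD -i %s -j DROP\n' "$iface"
}

# Demo run on the constructed allowlist; eth1 is an assumed interface name.
printf '%s\n' "$SAMPLE_ALLOWLIST" | gen_mac_rules eth1
```

Review the printed rules before piping them to a shell on the gateway.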
