On Fri, Jul 30, 2010 at 8:06 PM, Wayne Rasmussen <wa...@gomonarch.com> wrote:
Doesn't this have to be done at the router? IIRC, once a packet passes through a router, the mac address in the packet is set to the mac of the router.
No what you're thinking about is NAT (the source IP of the packets looks like its the outbound IP of the router).
MAC addresses are obscured as soon as packets are routed.
Plus in 99% of cases the firewall (where original mailer wants to block traffic based on MAC address) IS routing traffic after a fashion anyway.
The best way to accomplish what he has in mind is to statically map certain MAC addresses to certain IPs in the DHCP server and create rules based on these IPs.
Should you not have a lot of control over the DHCP servers then I would suggest running a different OS with layer2 firewalling capabilities.
From: owner-i...@coombs.anu.edu.au [mailto:owner-i...@coombs.anu.edu.au] On Behalf Of Gabriele Bulfon
Sent: Wednesday, July 21, 2010 12:14 AM
To: ross.c...@linuxpro.co.za
Cc: Jim Sandoz; ipfi...@coombs.anu.edu.au
Subject: Re: RE : mac-address...
Thx :) sure I do know this is an option, but I'm not administering dhcp everywhere, so
sometimes I have dhcp admins who don't want to implement static dhcp mapping, and I
must find a way to NAT specific machines when I can't rely on ip.
Why can't ipfilter let me check for mac-address? Where is the issue?
Gabriele Bulfon - Sonicle S.r.l.
Tel +39 028246016 Int. 30 - Fax +39 028243880
Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY
http://www.sonicle.com-= Mail sent through WebTop2 =-
Da: Ross Cameron <ross.c...@linuxpro.co.za>
A: Gabriele Bulfon <gbu...@sonicle.com>
Cc: Jim Sandoz <san...@lucent.com> ipfi...@coombs.anu.edu.au
Data: 20 luglio 2010 16.35.47 CEST
Oggetto: Re: RE : mac-address...
Never heard of static DHCP mappings?
"Opportunity is most often missed by people because it is dressed in overalls and looks like work."
Thomas Alva Edison
Inventor of 1093 patents, including:
The light bulb, phonogram and motion pictures.
On Tue, Jul 20, 2010 at 3:43 PM, Gabriele Bulfon <gbu...@sonicle.com> wrote:
This seem an old topic...is there any news about mac-address filtering?
How could I manage dhcp-hosts nat another way?
I mean: all a company is dhcp, I don't want to do dns lookups, but I want some PCs
to have NAT regardless of their IP.
What can I do?
Gabriele.
Gabriele Bulfon - Sonicle S.r.l.
Tel +39 028246016 Int. 30 - Fax +39 028243880
Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY
http://www.sonicle.com-= Mail sent through WebTop2 =-
----------------------------------------------------------------------------------
Da: Jim Sandoz <san...@lucent.com>
A: ipfi...@coombs.anu.edu.au
Data: 9 febbraio 2006 21.40.59 CET
Oggetto: Re: RE : mac-address...
ipfilter DOES NOT filter on mac address.
jim
Koen Martens wrote:
> I'm pretty sure ipfilter doesn't do mac filtering..
>
> Koen
>
> Cordonnier Christophe wrote:
>
>>Are you sure ?
>>
>>-----Message d'origine-----
>>De : Olivier Nicole [mailto:o...@cs.ait.ac.th]
>>Envoyé : mercredi 8 février 2006 10:36
>>À : Cordonnier Christophe
>>Cc : ipfi...@coombs.anu.edu.au
>>Objet : Re: mac-address...
>>
>>
>>>Ipf he can filter on mac-adress ?
>>
>>
>>I'd say it can't.
>>
>>Olivier
-- +============================================================+ | | | Климов Евгений, Jim Klimov | | технический директор CTO | | ЗАО "ЦОС и ВТ" JSC COS&HT | | | | +7-903-7705859 (cellular) mailto:jimk...@cos.ru | | CC:ad...@cos.ru,jimk...@mail.ru | +============================================================+ | () ascii ribbon campaign - against html mail | | /\ - against microsoft attachments | +============================================================+