On Fri, Jul 30, 2010 at 8:06 PM, Wayne Rasmussen <[email protected]> wrote:
> Doesn't this have to be done at the router? IIRC, once a packet passes
> through a router, the mac address in the packet is set to the mac of the
> router.
>
No, what you're thinking about is NAT (the source IP of the packets looks
like it's the outbound IP of the router).
MAC addresses are obscured as soon as packets are routed.
Plus in 99% of cases the firewall (where original mailer wants to block
traffic based on MAC address) IS routing traffic after a fashion anyway.
The best way to accomplish what he has in mind is to statically map certain
MAC addresses to certain IPs in the DHCP server and create rules based on
these IPs.
Should you not have a lot of control over the DHCP servers then I would
suggest running a different OS with layer2 firewalling capabilities.
>
> ------------------------------
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Gabriele Bulfon
> *Sent:* Wednesday, July 21, 2010 12:14 AM
> *To:* [email protected]
> *Cc:* Jim Sandoz; [email protected]
> *Subject:* Re: RE : mac-address...
>
>
>
> Thx :) sure I do know this is an option, but I'm not administering dhcp
> everywhere, so
> sometimes I have dhcp admins who don't want to implement static dhcp
> mapping, and I
> must find a way to NAT specific machines when I can't rely on ip.
> Why can't ipfilter let me check for mac-address? Where is the issue?
>
>
>
> <http://www.sonicle.com>
>
> Gabriele Bulfon - Sonicle S.r.l.
> Tel +39 028246016 Int. 30 - Fax +39 028243880
> Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY
> http://www.sonicle.com
>
> -= Mail sent through WebTop2 =-
>
>
> ------------------------------
>
>
>
> *From:* Ross Cameron <[email protected]>
> *To:* Gabriele Bulfon <[email protected]>
> *Cc:* Jim Sandoz <[email protected]> [email protected]
> *Date:* 20 July 2010 16.35.47 CEST
> *Subject:* Re: RE : mac-address...
>
> Never heard of static DHCP mappings?
>
>
>
>
> "Opportunity is most often missed by people because it is dressed in
> overalls and looks like work."
> Thomas Alva Edison
> Inventor of 1093 patents, including:
> The light bulb, phonogram and motion pictures.
>
>
> On Tue, Jul 20, 2010 at 3:43 PM, Gabriele Bulfon <[email protected]>
> wrote:
>
> This seems an old topic... is there any news about mac-address filtering?
> How could I manage dhcp-hosts nat another way?
>
> I mean: all a company is dhcp, I don't want to do dns lookups, but I want
> some PCs
> to have NAT regardless of their IP.
> What can I do?
>
> Gabriele.
>
>
> ----------------------------------------------------------------------------------
>
> From: Jim Sandoz <[email protected]>
> To: [email protected]
> Date: 9 February 2006 21.40.59 CET
> Subject: Re: RE : mac-address...
>
>
> ipfilter DOES NOT filter on mac address.
>
> jim
>
>
> Koen Martens wrote:
> > I'm pretty sure ipfilter doesn't do mac filtering..
> >
> > Koen
> >
> > Cordonnier Christophe wrote:
> >
> >>Are you sure ?
> >>
> >>-----Original Message-----
> >>From: Olivier Nicole [mailto:[email protected]]
> >>Sent: Wednesday, 8 February 2006 10:36
> >>To: Cordonnier Christophe
> >>Cc: [email protected]
> >>Subject: Re: mac-address...
> >>
> >>
> >>>Can ipf filter on mac-address?
> >>
> >>
> >>I'd say it can't.
> >>
> >>Olivier
>