Hi,
I am trying to use the mac match to filter packets, but there must be something I
am misunderstanding. I just want to make a LAN telnet connection to my
firewall box and I have the following setup:
telnet client : IP 10.0.0.12
MAC CL:IE:NT:00:00:00
telnet server: IP 10.0.0.14
MAC SE:RV:ER:00:00:00
iptables 1.2.5 running on the telnet server, kernel 2.4.8
with a service-request user chain defined as follows:
--1-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m state --state NEW -j LOG --log-prefix "WithoutMAC"
--2-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m state --state NEW -m mac --mac-source CL:IE:NT:00:00:00 -j LOG --log-prefix "WithMAC"
--3-- iptables -A service-request -p tcp --sport 1024:65535 --dport 23 -m state --state NEW -m mac --mac-source CL:IE:NT:00:00:00 -j ACCEPT
When I try to telnet I obtain only the log below:
"WithoutMAC" IN=eth2 OUT= MAC=SE:RV:ER:00:00:00:CL:IE:NT:00:00:00:08:00 SRC=10.0.0.12 DST=10.0.0.14 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=27649 DF PROTO=TCP SPT=3224 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0
The "WithMAC" LOG entry doesn't appear and the telnet connection fails.
Does someone know why my rules with the mac address are not matched by the
incoming telnet packet?
Thanks in advance
___________________________________
Sylvain LEPAGE
LEA
52 / 54 rue du capitaine Guynemer
92415 - Courbevoie, FRANCE
T: +33 1 49 97 05 38
F: +33 1 49 97 05 31
e-mail : [EMAIL PROTECTED]
___________________________________