Find the answer to your Linux question:
Results 1 to 3 of 3
I want to allow MAC address based authentication without ip address. For that source mac address is match in PREROUTING . ipset create macbasedusers bitmap:ip,mac range 10.104.1.0/24 ipset add macbasedusers ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2011
    Posts
    26

    ipset ( mac address match in postrouting )


    I want to allow MAC address based authentication without ip address.
    For that source mac address is match in PREROUTING .


    ipset create macbasedusers bitmap:ip,mac range 10.104.1.0/24
    ipset add macbasedusers 10.104.1.122,00:19:b9:76:b9:b8 (Currently I have add ip manually for testing).

    iptables -t mangle -I PREROUTING -m set --match-set macbasedusers src,src -j ACCEPT


    now in POSTROUTING this condition is not match for destination because there is no MAC address match in POSTROUTING its work on ip layer.
    But my requirement is to allow flow only based on MAC ADDRESS. I want to create system in only MAC based authentication is there.


    So how to match MAC ADDRESS in POSTROUTING.???

  2. #2
    Just Joined!
    Join Date
    Jan 2011
    Location
    Fairfax, Virginia, USA
    Posts
    94
    Holly cow this is amazing! Thank you for the insight into ipset ... I never knew this existed.

  3. #3
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    My question is why would you want to do this POST? I see no reason for this to happen POST as this decision should be one of the first ones done before the packet is routed. Why go through all the routing just to drop it in the end?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •