wlan0 problem


Postby shahzad » Sat Mar 13, 2004 12:31 pm

Salam!

I have got the following script from this forum, but I'm confused about the term "wlan0". What does it mean? Does it correspond to the eth0 of my network, from which my server will accept requests from the clients? Please respond :) Thanks in advance.

#clear and re-create the maccheck table
iptables -t mangle -F maccheck
iptables -t mangle -X maccheck
iptables -t mangle -N maccheck

# if a request comes in from wlan0, check its MAC by jumping to the maccheck table
iptables -t mangle -I PREROUTING -i wlan0 -p tcp -j maccheck

# create the maccheck table of allowed MACs
allowed_mac="iptables -t mangle -A maccheck -m mac -j RETURN --mac-source "

# if any of these match the current MAC, we return from this table without
# doing anything
$allowed_mac 00:11:22:33:44:55
$allowed_mac 11:22:33:44:55:66

# otherwise, give any disallowed MAC address the mark 1 and log it
iptables -t mangle -A maccheck -j MARK --set-mark 1
iptables -t mangle -A maccheck -j LOG --log-prefix="set mark 1: "
iptables -t mangle -A maccheck -j RETURN

# do something with marked requests -- like force them to the local webserver's
# port 81 no matter what their intended destination
iptables -t nat -A PREROUTING -m mark --mark 1 -p tcp --destination-port 80 -j DNAT --to-destination=192.168.0.1:81
There is no glory without sufferings...
shahzad
Lance Naik
 
Posts: 19
Joined: Wed Mar 03, 2004 6:10 pm
Website: http://comradblues.spymac.net
WLM: asm4c@hotmail.com
Yahoo Messenger: shezibhai@yahoo.com
Location: Pakistan

Postby farhantoqeer » Sat Mar 13, 2004 12:40 pm

I guess it is for wireless LAN.
A: Yes
Q: Is top-posting bad?
farhantoqeer
Major General
 
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Website: http://www.emergen.biz
Location: Karachi

hmm thanks but ...

Postby shahzad » Sat Mar 13, 2004 12:46 pm

Thanks for replying!

But I want some of the clients on my network to access the internet. I want to put in only a few clients' MAC addresses to allow them to use the internet, and for the others their packets will be dropped if their MAC address is not specified in the script. Then what should I edit in my script so that it can work for my local network instead of wireless LAN... Thanks.
There is no glory without sufferings...
shahzad

Re:

Postby LinuxFreaK » Sat Mar 13, 2004 8:45 pm

Dear shahzad,
Salam,

Just add their MAC addresses in your /etc/rc.d/rc.local and allow them through iptables.

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

hmm.

Postby shahzad » Sat Mar 13, 2004 9:44 pm

Salam!

Can you please give me the syntax for allowing MAC addresses in /etc/rc.local, without writing the one lengthy MAC script...
There is no glory without sufferings...
shahzad

Re: hmm.

Postby LinuxFreaK » Sat Mar 13, 2004 9:48 pm

Dear Shahzad,
Salam,

shahzad wrote: can you please give me the syntax of allowing mac addresses in /etc/rc.local, without writing the one lengthy mac script...


The following code will block users whose MAC addresses are 00:20:18:8a:31:41 and 00:C0:DF:0A:5D:89, and if you want to allow them, just comment out the iptables command.

Code:

#                               Blocked Users
iptables -I INPUT -p all -m mac --mac-source 00:20:18:8a:31:41 -j DROP
#
iptables -I INPUT -p all -m mac --mac-source 00:C0:DF:0A:5D:89 -j DROP


Best Regards.
Farrukh Ahmed
LinuxFreaK

thanks! but still got problem

Postby shahzad » Sat Mar 13, 2004 10:14 pm

Thanks for replying, Freak...

But actually you have mentioned the syntax for blocking users with MAC addresses that you specify. But I want to put in only the allow list of my clients' MAC addresses, and other users with different MAC addresses that are not in my list will be blocked. Is there any syntax through which I can block all the clients on my network, and when I specify the allowed MAC address list in /etc/rc.local, it will allow only those clients on my network whose MAC addresses are specified in the /etc/rc.local file... Thanks.
There is no glory without sufferings...
shahzad

Re:

Postby LinuxFreaK » Sat Mar 13, 2004 10:42 pm

Dear shahzad,
Salam,

Code:

# create the chain before any rule jumps to it
/sbin/iptables -N MAC_RULE

# allowed MAC addresses first, then drop everything else
/sbin/iptables -A MAC_RULE -m mac --mac-source 00:07:40:4C:EE:00 -j ACCEPT
/sbin/iptables -A MAC_RULE -j DROP

# old mac blocking rules
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 08:00:46:67:B1:5E
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 00:08:0D:EF:13:12
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 00:07:40:1C:1E:A2

# send TCP traffic to and through this machine to the chain
/sbin/iptables -A INPUT -p tcp -j MAC_RULE
/sbin/iptables -A FORWARD -p tcp -j MAC_RULE


Best Regards.
Farrukh Ahmed
LinuxFreaK
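
Added example, not part of the thread or of LinuxFreaK's code: a POSIX shell function that turns an allow list of MAC addresses into the commands for a default-deny chain, validating each entry first. The chain name MAC_ALLOW and the interface eth0 are assumptions; the jump is limited to FORWARD with `-i` so that only packets entering from the LAN side are MAC-checked (replies arriving on another interface carry the upstream router's MAC, not a client's).

```sh
#!/bin/sh
# Added example, not code from the thread. The chain name MAC_ALLOW, the
# interface eth0 and the sample list at the bottom are constructed.

# is_mac STR: succeeds only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules IFACE < list: print the iptables commands for an allow list.
# One MAC per line; blank lines and '#' comments are ignored. Nothing is
# executed, so the output can be reviewed before it goes into rc.local.
gen_rules() {
    iface=$1
    seen=""
    echo "iptables -N MAC_ALLOW"
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r' | tr 'a-f' 'A-F')
        [ -z "$mac" ] && continue
        if ! is_mac "$mac"; then
            echo "skipped invalid entry: $line" >&2
            continue
        fi
        case " $seen " in *" $mac "*) continue ;; esac   # duplicate
        seen="$seen $mac"
        echo "iptables -A MAC_ALLOW -m mac --mac-source $mac -j ACCEPT"
    done
    # Default deny: log, then drop, anything that matched no ACCEPT rule.
    echo "iptables -A MAC_ALLOW -j LOG --log-prefix \"mac denied: \""
    echo "iptables -A MAC_ALLOW -j DROP"
    # The jump rule comes last, after the chain is complete.
    echo "iptables -A FORWARD -i $iface -j MAC_ALLOW"
}

# Constructed sample list (MACs reused from the posts above).
gen_rules eth0 <<'EOF'
00:07:40:4c:ee:00   # client 1
00:20:18:8A:31:41   # client 2
00:07:40:4C:EE:00   # duplicate of client 1
00:C0:DF:0A:5D      # typo: only five octets
EOF
```

A MAC address is set by the client and can be changed, so an allow list like this limits casual use but is not authentication.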

