MAC binding

Post by venky145 » Wed Jan 17, 2007 5:57 pm

Hi,

When I am executing this in iptables I am getting this error.
I am using Red Hat Enterprise Linux 4.

/sbin/iptables -A MAC -i eth1 -s 20.20.1.145 -p all -m mac --mac-source 00:0D:87:E9:84:5A -j ACCEPT
/sbin/iptables -A MAC -m state --state ESTABLISHED,RELATED -j ACCEPT

#-- Jump INPUT & FORWARD Policies to MAC
/sbin/iptables -A INPUT -p all -j MAC
/sbin/iptables -A FORWARD -p all -j MAC
/sbin/iptables -A MAC -i eth1 -p all -j DROP


Couldn't load target `MAC':/lib/iptables/libipt_MAC.so: cannot open shared object file: No such file or directory

Post by kbukhari » Wed Jan 17, 2007 8:01 pm

First use this command:
iptables -N MAC
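
The rules from the question with the chain created first, as the reply above suggests. This is an added example, not code from any poster in the thread; the helpers gen_mac_binding, valid_mac and valid_ip and the "IP MAC" table format are assumptions made here, and the script only prints commands.

```sh
#!/bin/sh
# Added example: print the thread's MAC-binding rules in an order that loads.
# Nothing is applied; review the output, then pipe it to "sh" as root.
IPT=/sbin/iptables   # binary path used in the thread
CHAIN=MAC            # user-defined chain name used in the thread

# 0 if $1 is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# 0 if $1 looks like a dotted quad (syntax only, octet range not checked)
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# gen_mac_binding IFACE   (reads "IP MAC" lines on stdin)
# Returns 1 and prints no rules if any line is malformed, so a typo in the
# table cannot yield a chain that ends in DROP with bindings missing.
gen_mac_binding() {
    iface=$1
    rules=""
    while read -r ip mac; do
        case "$ip" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "bad binding: $ip $mac" >&2
            return 1
        fi
        rules="${rules}$IPT -A $CHAIN -i $iface -s $ip -m mac --mac-source $mac -j ACCEPT
"
    done
    echo "$IPT -N $CHAIN"    # the chain must exist before -A or -j names it
    printf '%s' "$rules"
    echo "$IPT -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A $CHAIN -i $iface -j DROP"
    # The mac match is valid only in PREROUTING, INPUT and FORWARD.
    echo "$IPT -A INPUT -j $CHAIN"
    echo "$IPT -A FORWARD -j $CHAIN"
}

# Sample table; the pair is the one from the question.
SAMPLE='20.20.1.145 00:0D:87:E9:84:5A'
printf '%s\n' "$SAMPLE" | gen_mac_binding eth1
```

The source MAC is only visible for hosts on the same Ethernet segment as eth1; traffic that arrives through a router carries the router's MAC.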

Re: MAC binding

Post by nomankhn » Fri Jan 19, 2007 2:07 pm

venky145 wrote: Hi,

When I am executing this in iptables I am getting this error.
I am using Red Hat Enterprise Linux 4.

/sbin/iptables -A MAC -i eth1 -s 20.20.1.145 -p all -m mac --mac-source 00:0D:87:E9:84:5A -j ACCEPT
/sbin/iptables -A MAC -m state --state ESTABLISHED,RELATED -j ACCEPT

#-- Jump INPUT & FORWARD Policies to MAC
/sbin/iptables -A INPUT -p all -j MAC
/sbin/iptables -A FORWARD -p all -j MAC
/sbin/iptables -A MAC -i eth1 -p all -j DROP


Couldn't load target `MAC':/lib/iptables/libipt_MAC.so: cannot open shared object file: No such file or directory


Dear venky145,

Use this command to check whether your iptables version supports mac or not:

[root@ns1 ~]# iptables -m mac -h

That will show you this output at the end:

MAC v1.2.11 options:
--mac-source [!] XX:XX:XX:XX:XX:XX
Match source MAC address

iptables -I FORWARD -p all -m mac --mac-source 00:0D:87:E9:84:5A -j DROP

I am sure the above command will resolve your problem.

Regards
Noman Liaquat Khanzada Rajput

Dear, Nauman Khan.

Post by thecooldude » Wed Feb 14, 2007 4:33 am

iptables -I FORWARD -p all -m mac --mac-source 00:0D:87:E9:84:5A -j DROP

The above given chain is wrong.

I'll suggest you to go for the right one mentioned below: - The requests are by passing through your BOX, FORWARD would be used yes, if you have separate Firewall box but needs to be defined with IP.

iptables -A INPUT -p all -m mac --mac-source 00:0D:87:E9:84:5A -j DROP

Re-Reply.

Post by thecooldude » Wed Feb 14, 2007 4:38 am

I've tested both; here is even one more example:

iptables -A INPUT -m mac --mac-source 00:0A:E6:29:E9:C1 -j DROP

Thanks
..

Regards,
Khurram Nawaz

Re:

Post by LinuxFreaK » Wed Feb 14, 2007 1:13 pm

Dear thecooldude,
Salam,

You guys can take a look at the following script.

FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182

Best Regards.
Farrukh Ahmed

