wlan0 problem

shahzad
Lance Naik
Posts: 19
Joined: Wed Mar 03, 2004 6:10 pm
Location: Pakistan

Post by shahzad »

Salam!

I got the following script from this forum, but I am confused by the term "wlan0". What does it mean? Is it like the eth0 of my network, from which my server will accept requests from the clients? Please respond :) Thanks in advance.

# clear and re-create the maccheck chain
iptables -t mangle -F maccheck
iptables -t mangle -X maccheck
iptables -t mangle -N maccheck

# if a request comes in from wlan0, check its MAC by jumping to the maccheck chain
iptables -t mangle -I PREROUTING -i wlan0 -p tcp -j maccheck

# fill the maccheck chain with the allowed MACs
allowed_mac="iptables -t mangle -A maccheck -m mac -j RETURN --mac-source "

# if any of these match the current MAC, we return from this chain without
# doing anything
$allowed_mac 00:11:22:33:44:55
$allowed_mac 11:22:33:44:55:66

# otherwise, give any disallowed MAC address the mark 1 and log it
iptables -t mangle -A maccheck -j MARK --set-mark 1
iptables -t mangle -A maccheck -j LOG --log-prefix="set mark 1: "
iptables -t mangle -A maccheck -j RETURN

# do something with marked requests -- like force them to the local webserver's
# port 81 no matter what their intended destination
iptables -t nat -A PREROUTING -m mark --mark 1 -p tcp --destination-port 80 -j DNAT --to-destination=192.168.0.1:81
There is no glory without sufferings...
farhantoqeer
Major General
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Location: Karachi

Post by farhantoqeer »

I guess it is for wireless LAN.
A: Yes
Q: Is top-posting bad?
shahzad

hmm thanks but ...

Post by shahzad »

Thanks for replying!

But I want only some of the clients on my network to access the internet. I want to list only a few clients' MAC addresses to allow them to use the internet; for the others, whose MAC address is not specified in the script, their packets will be dropped. What should I edit in my script so that it works for my local network instead of wireless LAN? Thanks.
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear shahzad,
Salam,

Just add their MAC addresses in your /etc/rc.d/rc.local and allow them through iptables.

Best Regards.
Farrukh Ahmed
shahzad

hmm.

Post by shahzad »

Salam!

Can you please give me the syntax for allowing MAC addresses in /etc/rc.local, without writing the one lengthy MAC script...
LinuxFreaK

Re: hmm.

Post by LinuxFreaK »

Dear Shahzad,
Salam,
shahzad wrote: Can you please give me the syntax for allowing MAC addresses in /etc/rc.local, without writing the one lengthy MAC script...

The following code will block users whose MAC addresses are 00:20:18:8a:31:41 and 00:C0:DF:0A:5D:89; if you want to allow them, just comment out the iptables command.

Code:

#                               Blocked Users
iptables -I INPUT -p all -m mac --mac-source 00:20:18:8a:31:41 -j DROP
#
iptables -I INPUT -p all -m mac --mac-source 00:C0:DF:0A:5D:89 -j DROP
Best Regards.
Farrukh Ahmed
shahzad

thanks! but still got problem

Post by shahzad »

Thanks for replying, Freak...

But actually you have given the syntax for blocking users with the MAC addresses that you specify. I want to put in only the allow list of my clients' MAC addresses, and other users with MAC addresses that are not in my list should be blocked. Is there any syntax through which I can block all the clients on my network, so that when I specify the list of allowed MAC addresses in /etc/rc.local, only those clients whose MAC address is specified in /etc/rc.local are allowed? Thanks.
LinuxFreaK

Re:

Post by LinuxFreaK »

Dear shahzad,
Salam,

Code:

# create the chain before any rule jumps to it
/sbin/iptables -N MAC_RULE

# allowed MAC addresses: one ACCEPT rule per client
/sbin/iptables -A MAC_RULE -m mac --mac-source 00:07:40:4C:EE:00 -j ACCEPT
# everything else is dropped; this rule must stay last in the chain
/sbin/iptables -A MAC_RULE -j DROP

# old mac blocking rules
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 08:00:46:67:B1:5E
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 00:08:0D:EF:13:12
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 00:07:40:1C:1E:A2

# send TCP traffic to this box (INPUT) and routed through it (FORWARD) to the chain
/sbin/iptables -A INPUT -p tcp -j MAC_RULE
/sbin/iptables -A FORWARD -p tcp -j MAC_RULE
Best Regards.
Farrukh Ahmed
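
An added example, not part of any post in this thread: a shell function that prints the commands for the allow-only setup asked about above, with the interface as a parameter (eth0 for a wired LAN, wlan0 for wireless). The function names, the log prefix and the print-only design are assumptions of this example; the chain name and the MAC addresses are taken from the thread.

```sh
#!/bin/sh
# Added example: print (not apply) the iptables commands for a MAC allowlist.
# Review the output, then pipe it to "sh" as root to load it.
# The mac match sees only the sender on the local segment, and a MAC address is
# a value the client sets itself, so this is a convenience filter, not authentication.

CHAIN=MAC_RULE   # chain name used in the thread

# is_mac ADDR: succeed only for six colon-separated hex octets
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# mac_allowlist_rules IFACE MAC...
# Prints the rules on stdout; prints nothing and returns 1 on any bad argument.
mac_allowlist_rules() {
    iface=${1:-}
    # the interface name ends up in a shell command, so restrict its characters
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    shift
    [ $# -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    for mac in "$@"; do
        is_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    # create the chain before anything jumps to it; flush it on a rerun
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    # allowed clients RETURN to the calling chain and meet its remaining rules
    for mac in "$@"; do
        echo "iptables -A $CHAIN -m mac --mac-source $mac -j RETURN"
    done
    # everything else is logged and dropped; these two rules must stay last
    echo "iptables -A $CHAIN -j LOG --log-prefix \"mac denied: \""
    echo "iptables -A $CHAIN -j DROP"
    # hook the chain once into traffic to this box (INPUT) and through it (FORWARD)
    for hook in INPUT FORWARD; do
        echo "iptables -C $hook -i $iface -j $CHAIN 2>/dev/null ||" \
             "iptables -A $hook -i $iface -j $CHAIN"
    done
}

# sample run with two MAC addresses that appear in the thread
mac_allowlist_rules eth0 00:07:40:4C:EE:00 00:11:22:33:44:55
```

Because validation happens before the first rule is printed, a typo in one address yields no output at all rather than a half-built chain.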