Salam
I'm using FC3 as a Squid proxy (transparent) and everything is working fine. I'm using iptables to bind MAC to IP; here are the commands:
### DROP EVERYTHING FROM eth0 ###
iptables -I FORWARD -i eth0 -j DROP
### ALLOWED MAC ADDRESS ###
iptables -I FORWARD -i eth0 -s 192.168.1.2 -p all -m mac --mac-source 00:11:5B:A2:49:C1 -j ACCEPT
It's working fine with the transparent proxy. I used FORWARD policy here because the Squid server is also a router, so it was suggested that I use FORWARD instead of INPUT. The problem is that if anyone enters the manual proxy in the browser, he can access the web even if I block his MAC, which is bound to his IP. I tried some MAC scripts from the Linuxpakistan.net forums but they didn't seem to be working for me. I just have one problem: how can I stop clients from using this manual proxy, which allows them to use the internet?
Manual Proxy problem with MAC
Re:
Dear wazim4_u,
Salam,
# iptables -N LINUX_RULE
# iptables -A LINUX_RULE -j ACCEPT -m mac --mac-source 00:11:5B:A2:49:C1
# iptables -A INPUT -p tcp -j LINUX_RULE
# iptables -A FORWARD -p tcp -j LINUX_RULE
# iptables -A FORWARD -j LINUX_RULE
# iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Best Regards.
Farrukh Ahmed
Re:
Dear wazim4_u,
Salam,
Brother, if you have 50 clients then add their MAC addresses to some file and load them using a script!!
Code:
#!/bin/sh
# Chain that accepts traffic from every MAC address listed in /etc/mac.allow
iptables -N LINUX_RULE
# The file holds one MAC address per line
for MAC in $(cat /etc/mac.allow)
do
iptables -A LINUX_RULE -j ACCEPT -m mac --mac-source "$MAC"
done
# Send INPUT and FORWARD traffic through the chain
iptables -A INPUT -p tcp -j LINUX_RULE
iptables -A FORWARD -p tcp -j LINUX_RULE
iptables -A FORWARD -j LINUX_RULE
# Accept packets that belong to already established connections
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Best Regards.
Farrukh Ahmed
Dear Linux_Freak
Salam
Thanks for bringing up the idea of a script, but is there no need to drop every incoming connection before we use our own rules?
I will make up a script and test it soon, but before this I have to clear all doubts, if there is something to block all incoming connections and then allow them by script.
Allah Hafiz
Re:
Dear wazim4_u,
Salam,
wazim4_u wrote:
Thanks for bringing an idea of script but is there no need to drop every incoming connection before we use our own rules ?
I will make up a script and test it soon but before this i have to clear all doubts. if there is something to block all incoming connection and then alow them by script
Brother, I believe you do know how to drop all incoming traffic!!
Best Regards.
Farrukh Ahmed
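An added example, not part of any post in this thread: a browser with the proxy entered manually sends its requests to the Squid box itself, so those packets traverse INPUT rather than FORWARD, and an allow-list chain blocks nobody unless it ends in a DROP. The sketch below prints (does not run) a rule set covering both paths; it assumes Squid listens on TCP port 3128 and uses a hypothetical allow-list format of one "IP MAC" pair per line, and the chain name MAC_ALLOW and all sample entries except the pair from the first post are constructed.

```shell
#!/bin/sh
# Added example: prints iptables commands, does not run them.
# Assumptions: LAN interface eth0 (from the first post), Squid on TCP 3128,
# allow-list lines of the form "IP MAC" (hypothetical format).
LAN_IF=eth0
PROXY_PORT=3128

# Constructed sample allow-list; only the first pair comes from the thread.
sample_allow() {
cat <<'EOF'
# ip          mac
192.168.1.2   00:11:5B:A2:49:C1
192.168.1.3   00:11:5b:a2:49:c2
192.168.1.4   not-a-mac
EOF
}

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds only for a dotted quad (octet range is not checked).
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read "IP MAC" lines on stdin and print the rule set on stdout.
gen_rules() {
    echo "iptables -N MAC_ALLOW"
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if valid_ip "$ip" && valid_mac "$mac"; then
            echo "iptables -A MAC_ALLOW -s $ip -m mac --mac-source $mac -j ACCEPT"
        else
            echo "skipped invalid entry: $ip $mac" >&2
        fi
    done
    # Whatever did not match a listed IP+MAC pair is dropped.
    echo "iptables -A MAC_ALLOW -j DROP"
    # Routed traffic coming in from the LAN.
    echo "iptables -A FORWARD -i $LAN_IF -j MAC_ALLOW"
    # Traffic addressed to the proxy itself (manual proxy setting in the
    # browser) is delivered locally, so it is filtered in INPUT.
    echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $PROXY_PORT -j MAC_ALLOW"
}

sample_allow | gen_rules
```

After reviewing the printed commands, they can be piped to `sh` as root to apply them.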