Re: source-mac filtering

Hi,

Tried this (REDIRECT to another non-dhcp-standard udp-port) as well now, and the test indicates the same thing as before.
Started the dhcp daemon at udp/54356 and redirected everything coming in to the machine on udp/67 (normal dhcp) to port 54356.
What happened was that the dhcp-server did not respond. When using strace one could see that there is nothing coming in on the socket.


The redirect-rule seems to work fine, pkts increasing every time something is received on port 67:
# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 11 packets, 756 bytes)
pkts bytes target prot opt in out source destination
27 8856 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 MAC 00:B0:D0:BF:27:E8 redir ports 54356



However, when starting the dhcpd on port 67 again (still with the redirect-rule in the nat-table) the dhcp server responds, indicating (as far as I can see, I'm a tester not a designer) that the dhcpd is somehow "listening on a lower level" than the iptables are working.


I'll try with another dhcpd.

br Håkan E.
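As an added example (not part of this thread), a small Python parser for the `iptables -L -v -n -t nat` listing shown above that checks whether the MAC-matched REDIRECT rule's packet counter moved between two snapshots; the second snapshot below is constructed, not taken from the thread.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: first snapshot is the listing from the message above,
# the second is a made-up later snapshot after four more DHCP packets arrived.
SNAPSHOT_BEFORE = """\
Chain PREROUTING (policy ACCEPT 11 packets, 756 bytes)
 pkts bytes target     prot opt in     out     source               destination
   27  8856 REDIRECT   udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67 MAC 00:B0:D0:BF:27:E8 redir ports 54356
"""
SNAPSHOT_AFTER = """\
Chain PREROUTING (policy ACCEPT 13 packets, 892 bytes)
 pkts bytes target     prot opt in     out     source               destination
   31 10168 REDIRECT   udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67 MAC 00:B0:D0:BF:27:E8 redir ports 54356
"""

_SUFFIX = {"": 1, "K": 1000, "M": 1000000, "G": 1000000000}

def parse_counter(tok: str) -> int:
    """Counters print as 1234, 12K, 3M ... unless iptables is run with -x."""
    m = re.fullmatch(r"(\d+)([KMG]?)", tok)
    if not m:
        raise ValueError(f"bad counter: {tok!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2)]

def parse_nat_listing(text: str) -> List[Dict]:
    """Turn each rule line into a dict; the 9 fixed columns come first,
    then free-form match text (dpt, MAC, redir ports) that we pick apart."""
    rules, chain = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("pkts "):
            continue
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        parts = line.split(None, 9)
        if len(parts) < 9:
            continue
        extra = parts[9] if len(parts) > 9 else ""
        mac = re.search(r"MAC ([0-9A-Fa-f:]{17})", extra)
        dpt = re.search(r"dpt:(\d+)", extra)
        redir = re.search(r"redir ports (\d+)", extra)
        rules.append({"chain": chain, "pkts": parse_counter(parts[0]),
                      "bytes": parse_counter(parts[1]), "target": parts[2],
                      "proto": parts[3], "dpt": int(dpt.group(1)) if dpt else None,
                      "mac": mac.group(1).upper() if mac else None,
                      "redir_port": int(redir.group(1)) if redir else None})
    return rules

def redirect_hits(before: str, after: str, mac: str, dpt: int = 67) -> Optional[int]:
    """Packet-counter delta of the REDIRECT rule for this MAC/port, None if absent."""
    def find(rules):
        return next((r for r in rules if r["target"] == "REDIRECT"
                     and r["mac"] == mac.upper() and r["dpt"] == dpt), None)
    b, a = find(parse_nat_listing(before)), find(parse_nat_listing(after))
    return None if b is None or a is None else a["pkts"] - b["pkts"]
```

A growing delta only proves the nat rule saw the packets; whether the daemon on the redirected port actually received them still has to be checked on the socket side, as the strace observation above shows.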



From: Alistair Tonner <>
To: Håkan Engblom <cynic_0@xxxxxxxxxxx>,  netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: source-mac filtering
Date: Sun, 11 Jan 2004 00:55:44 -0500

On January 10, 2004 06:20 pm, Håkan Engblom wrote:
> Hi,
>
> I've run into a strange problem. I have a dhcp-server on a 2.4.22 kernel
> with a 1.2.8 iptables. The dhcp-server is configured only to offer
> IP-addresses to one single mac-address (it is a single host on a private
> network)
>
>
> Does anyone have a clue ?
>
> br Håkan Engblom
>
> Some "logs" :


<relevant info snipped, since it has been through the list several times>

Can I think out loud for a moment???

have dhcpd listen on a *different* port than normal
have iptables grab relevant mac address broadcasts and redirect to appropriate port?


drop anything not in relevant mac address range?

Perhaps this might work???
anyone care to try?? -- my personal net is static ... thank god it's only 5 boxen


Alistair Tonner




