On Saturday 22 May 2004 2:47 am, Alistair Tonner wrote:

> I note that iptables doesn't log mac addresses it cannot see (i.e. not
> directly connected) ... in 1.2.9x (as I and Antony are running) you still
> see the MAC= element. Perhaps in CVS the logging function drops this entry
> if MAC="" ??

Surely there will *always* be two MAC addresses involved in a communication - that's how two machines find each other across the local subnet (ie: via a switch / hub / access point etc)?

I agree that in a multi-hop connection between systems, at least one of the MAC addresses seen by netfilter will definitely not be an endpoint (it will be an interface on a local router), however unless you are running an access point *as* a router (the standard way to run them is as a bridge) then you should still see the MAC address of whatever machine is talking to the firewall?

> -- that would indicate that someone on the wireless is being
> hijacked as a proxy?? *ugh*

In which case you would see the MAC address of the hijacked poxy machine...

Regards,

Antony.

-- 
Bill Gates has personally assured the Spanish Academy that he will never allow the upside-down question mark to disappear from Microsoft word-processing programs, which must be reassuring for millions of Spanish-speaking people, though just a piddling afterthought as far as he's concerned.

 - Lynne Truss, "Eats, Shoots and Leaves"

Please reply to the list; please don't CC me.
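
Added example, not part of the original message: a small parser for the MAC= element of netfilter LOG lines that groups source IP addresses by the source MAC the firewall saw, so a MAC carrying traffic for several IPs (a router, or a host relaying for others) stands out. It assumes Ethernet framing, where a populated MAC= value is 14 bytes (destination MAC, source MAC, EtherType); the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the netfilter LOG format (not taken from the thread).
SAMPLE_LOG = """\
May 22 02:40:01 fw kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:01:08:00 SRC=192.168.1.10 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=22
May 22 02:40:05 fw kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:02:08:00 SRC=10.20.0.7 DST=192.168.1.1 PROTO=TCP SPT=40001 DPT=22
May 22 02:40:09 fw kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:02:08:00 SRC=10.20.0.9 DST=192.168.1.1 PROTO=TCP SPT=40002 DPT=80
May 22 02:40:12 fw kernel: IN= OUT=eth1 MAC= SRC=192.168.1.1 DST=192.168.1.10 PROTO=TCP SPT=22 DPT=40000
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty


def parse_line(line):
    """Split one LOG line into its fields and decode the MAC= element."""
    fields = dict(FIELD_RE.findall(line))
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # Ethernet header: 6 dst + 6 src + 2 EtherType
        dst_mac = ":".join(octets[0:6]).lower()
        src_mac = ":".join(octets[6:12]).lower()
        ethertype = "".join(octets[12:14]).lower()
    else:  # empty or non-Ethernet header: nothing to decode
        dst_mac = src_mac = ethertype = None
    return {"src_ip": fields.get("SRC"), "dst_ip": fields.get("DST"),
            "dst_mac": dst_mac, "src_mac": src_mac, "ethertype": ethertype}


def ips_per_source_mac(lines):
    """Map each observed source MAC to the set of source IPs seen behind it."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec["src_mac"] and rec["src_ip"]:
            seen[rec["src_mac"]].add(rec["src_ip"])
    return dict(seen)


def multi_ip_macs(lines):
    """Source MACs that carried more than one source IP (next hop, not endpoint)."""
    return sorted(m for m, ips in ips_per_source_mac(lines).items() if len(ips) > 1)


if __name__ == "__main__":
    for mac, ips in ips_per_source_mac(SAMPLE_LOG.splitlines()).items():
        print(mac, sorted(ips))
    print("forwarding for several IPs:", multi_ip_macs(SAMPLE_LOG.splitlines()))
```
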