Prihlásiť sa Odoslať Novinky :: FAQ :: Rozšírené vyhľadávanie :: Napísali o nás :: Ankety
Main Menu
· Home
· 
· FAQ
· 
· Diskusia
· 











Main Menu
· Domov

Moduly
· AvantGo
· Downloads
· FAQ
· News
· Recommend Us
· Reviews
· Search
· Sections
· Stats
· Topics
· Top List
· Web Links
· Forum

Jazyk
Výber jazykovej mutácie:



The time now is 28.03.2024 - 16:27


IP vs MAC filtering na StarOS

Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Page 2 of 3 < 123 >
Author Message
andreas4all
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 12.12.2005 - 14:06 #26354
Majster


Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
dedinka pri PD

poradte mi co robim zle...
deny all from any to any out via $net //zakaze uplne vsetko, skusal som aj deny all from 192.168.0.0/24 ale vysledok rovnaky
iptables -A INPUT -m mac --mac-source 01-23-45-67-89-0A -s 192.168.0.1 -i ether1 -j ACCEPT // mac som skusal aj s : ale to iste.

ak to ulozim a aplikujem, mam uplny zakaz, ale podla toho co ste tu povedali hore by mala byt tato ip adresa opravnena na pristup do inetu.
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
si
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 12.12.2005 - 14:23 #26355
Majster


Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
najprv musis dat accept a az potom na zaver deny (teda tak to musi vyzerat vo vyslednej tabulke a kedze to davas cez -A tak vzdy pridavas nakoniec, tak aj v tom zapise to musis mat v takom poradit...)
lebo ako iste vies, aplikuje sa prve pravidlo ktore matchne Smile
 
 View user's profile Send private message Send e-mail Visit poster's website  
Reply with quote Back to top
Chalan
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 12.12.2005 - 17:39 #26360
Majster


Joined: Máj 12, 2004
Posts: 4579
Location: Bratislava
cize takto?
#povolime mac a zviazeme s ip
iptables -A INPUT -m mac --mac-source 01:23:45:67:89:0A -s 192.168.0.1 -i ether1 -j ACCEPT
#zakazeme vsetko ostatne
deny all from any to any out via $net

je to tak spravne?
 
 View user's profile Send private message Visit poster's website MSN Messenger ICQ Number 
Reply with quote Back to top
si
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 12.12.2005 - 23:39 #26376
Majster


Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
ak to deny ide cez -A tak ano
 
 View user's profile Send private message Send e-mail Visit poster's website  
Reply with quote Back to top
andreas4all
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 19.12.2005 - 12:23 #26546
Majster


Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
dedinka pri PD

bud som blby alebo to neviem, presne podla tohto a stale mam zakazany net po tomto vsetkom. ten iptables nejako nefunguje.

to deny funguje perfektne...
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
mgx
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 19.12.2005 - 12:27 #26548
Guru


Joined: Dec 27, 2002
Posts: 1505

nezabudni po zmene restartovat AP Smile
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
andreas4all
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 19.12.2005 - 12:30 #26549
Majster


Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
dedinka pri PD

tak to je samozrejmostou...
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
iwik
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 19.12.2005 - 13:00 #26550
Basic


Joined: Feb 05, 2003
Posts: 118
Location: Bratislava
star os som sice videl len 5min...

v tom iptables povolujes -A INPUT, tj pristup na ten stroj (na ten star os)
a ty potrebujes povolit aj FORWARD
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
andreas4all
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 19.12.2005 - 13:54 #26555
Majster


Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
dedinka pri PD

iptables -A FORWARD -s 192.168.0.1 -j ACCEPT #tak toto mi funguje, akonahle tam pridam porovnavanie s MAC tak to neprejde a uplatni sa deny all.... nasiel som tu ze MAC treba zadavat s ::, to mam.
ak spravne chapem tak prepinac -m je vlastne match(ze co sa ma rovnat) MAC --mac-source 00:00:00:00:00:00.
teraz to je vlastne tak, ze su povolene len niektore IP smerom von, ale nezavisle na MAC. Cize ak niekto si da takuto IP tak ma inet.
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
iwik
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 19.12.2005 - 14:08 #26558
Basic


Joined: Feb 05, 2003
Posts: 118
Location: Bratislava
hore spominas
iptables -A INPUT -m mac --mac-source 01-23-45-67-89-0A -s 192.168.0.1 -i ether1 -j ACCEPT

a takisto by malo byt ok
iptables -A FORWARD -m mac --mac-source 01-23-45-67-89-0A -s 192.168.0.1 -i ether1 -j ACCEPT

(akurat pozeram ze na linuxe sa mac dava v tvare 01:23:45:67:89:0A)
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
andreas4all
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 19.12.2005 - 14:45 #26560
Majster


Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
dedinka pri PD

dik funguje to. vysledny tvar:

iptables -A FORWARD -S ip_adresa -m mac --mac-source MM:AA:CC:MM:AA:CC -j ACCEPT
deny all from any to any via $net #net je premanna na adapter do inetu.

este raz vdaka.
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
Mich(at)l
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 19.12.2005 - 19:18 #26576
Basic


Joined: Júl 24, 2004
Posts: 240

Ok takze kde bola teda cely cas chyba... nejako mi to nedochadza...
len mac bola v zlom tvare?

a este taka otazka... nebolo by dobre dat tam aj ze cez aky interfejs to ma ist... napr. -i $net

PS: nema to byt nahodou ze ... FORWARD -s ...
lebo ty mas -S
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
Chalan
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 02.01.2006 - 16:36 #27182
Majster


Joined: Máj 12, 2004
Posts: 4579
Location: Bratislava
andreas4all wrote: ›dik funguje to. vysledny tvar:

iptables -A FORWARD -S ip_adresa -m mac --mac-source MM:AA:CC:MM:AA:CC -j ACCEPT
deny all from any to any via $net #net je premanna na adapter do inetu.

este raz vdaka.
mas tam chybu ma to byt

deny all from any to any out via $net
 
 View user's profile Send private message Visit poster's website MSN Messenger ICQ Number 
Reply with quote Back to top
andreas4all
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 02.01.2006 - 16:51 #27184
Majster


Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
dedinka pri PD

nie je to chyba. deny all prom any to any via $net znemena ze aj dnu aj von.
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
Chalan
Post subject: RE: IP vs MAC filtering na StarOS  PostPosted: 02.01.2006 - 17:00 #27185
Majster


Joined: Máj 12, 2004
Posts: 4579
Location: Bratislava
andreas4all wrote: ›nie je to chyba. deny all prom any to any via $net znemena ze aj dnu aj von.
no daj si syntax check a uvidis, mne to hadze chybu bez to out...
 
 View user's profile Send private message Visit poster's website MSN Messenger ICQ Number 
Reply with quote Back to top
Display posts from previous:     
All times are GMT
Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Page 2 of 3 < 123 >
Jump to:  

Powered by PNphpBB2 © 2003-2005 The PNphpBB Group
Credits

(C) SKFree 2002-2010: Powered by POSTNUKE. Môžete prebera? naše správy vo formáte XML(RSS)