[Wlug] iptables use of --mac-source
Justin Odom
juodom at gmail.com
Fri Sep 1 10:35:21 EDT 2006
Andy,
MAC Addresses work at layer 2. When a router receives a packet, it
strips off the mac addresses, looks at its destination, appends its
own mac addresses, and forwards out the appropriate interface.
The MAC you're seeing is probably your ISP's router.
On 8/31/06, Andy Stewart <andystewart at comcast.net> wrote:
> Hi everybody,
>
> I'm playing with my firewall rules, trying to set up a rule that will
> recognize my laptop's mac address on an incoming connection.
>
> I tried this:
>
> iptables -I INPUT -m mac --mac-source uu:vv:ww:xx:yy:zz -j LOG --log-prefix "Laptop Detected: "
>
> That worked fine. I saw the appropriate log entry when my laptop ping'd
> the firewall. The log entry showed the expected mac address of my
> laptop. At that time, my laptop was plugged into my home network, which
> is connected to the "internal" interface of my firewall.
>
> I then set up iptables to log all incoming packets from the firewall's
> external interface, and I noticed that in the log all incoming mac
> source addresses are the same. I didn't expect this. The address is
> 00:0b:bf:xx:xx:xx, which I think is a piece of Cisco hardware, and I
> don't have any Cisco hardware at home. Is this some hardware from my ISP?
>
> I'm guessing somebody is rewriting the packets to replace the source mac
> address, but clearly my knowledge of this is lacking, and thus I'm
> confused. Any helpers?
>
> Thanks,
>
> Andy
>
> --
> Andy Stewart, Founder
> Worcester Linux Users' Group
> Worcester, MA, USA
> http://www.wlug.org
>
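An added example, not part of the original thread: a short Python script that reads iptables LOG lines and groups source MACs by incoming interface, showing why every packet on the external side carries the next-hop router's MAC. The log lines, interface names (eth0 external, eth1 internal) and function names are constructed for illustration; the MAC= field layout (destination MAC, source MAC, EtherType) is the one the LOG target prints for Ethernet.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG format. Interface names,
# prefixes, MACs and IPs are made up; eth1 = internal, eth0 = external.
SAMPLE_LOG = """\
kernel: Laptop Detected: IN=eth1 OUT= MAC=00:11:22:33:44:55:00:16:cb:aa:bb:cc:08:00 SRC=192.168.1.20 DST=192.168.1.1 PROTO=ICMP
kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:00:1c:42:0d:0e:0f:08:00 SRC=192.168.1.30 DST=192.168.1.1 PROTO=ICMP
kernel: IN=eth0 OUT= MAC=00:11:22:33:44:66:00:0b:bf:00:00:01:08:00 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP
kernel: IN=eth0 OUT= MAC=00:11:22:33:44:66:00:0b:bf:00:00:01:08:00 SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP
kernel: IN=eth0 OUT= MAC=00:11:22:33:44:66:00:0b:bf:00:00:01:08:00 SRC=203.0.113.9 DST=203.0.113.5 PROTO=UDP
"""

# MAC= holds the raw 14-byte Ethernet header as colon-separated hex octets.
LOG_RE = re.compile(
    r"IN=(?P<iface>\S*) .*?MAC=(?P<mac>(?:[0-9a-f]{2}:){13}[0-9a-f]{2}) SRC=(?P<src>\S+)",
    re.IGNORECASE,
)

def parse_line(line):
    """Split one LOG line into interface, dst/src MAC and source IP."""
    m = LOG_RE.search(line)
    if not m:
        return None
    octets = m["mac"].lower().split(":")
    # Header order on the wire: destination MAC (6), source MAC (6), EtherType (2).
    return {"iface": m["iface"], "dst_mac": ":".join(octets[:6]),
            "src_mac": ":".join(octets[6:12]), "src_ip": m["src"]}

def macs_per_interface(log_text):
    """Map interface -> source MAC -> sorted source IPs seen behind that MAC."""
    seen = defaultdict(lambda: defaultdict(set))
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        seen[rec["iface"]][rec["src_mac"]].add(rec["src_ip"])
    return {i: {m: sorted(ips) for m, ips in macs.items()} for i, macs in seen.items()}

def upstream_gateways(log_text, min_ips=2):
    """Source MACs fronting several IPs: a router's MAC, not the original senders'."""
    result = {}
    for iface, macs in macs_per_interface(log_text).items():
        routers = sorted(m for m, ips in macs.items() if len(ips) >= min_ips)
        if routers:
            result[iface] = routers
    return result

if __name__ == "__main__":
    print(macs_per_interface(SAMPLE_LOG))
    print("likely next-hop routers:", upstream_gateways(SAMPLE_LOG))
```

On the internal interface each MAC maps to one host, so a --mac-source match is meaningful there; on the external interface the only source MAC the firewall can ever match is the adjacent router's.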