|
|
ВНИМАНИЕ: Използвайте форумите на сайта за дa зададете вашите въпроси.
Въпрос |
От: R4 |
Дата: 01/12/2003 |
Privet,
ISP -> Linux -> LocalNet.
Izpolzvam maskarading. Iskam da davam dostyp do Linux-a samo
na opredeleni IP-ta, no taka 4e te da sa asociirani s MAC
adresite. Molia pomognete! S iptables li stava tova? A kak
da im vijdam MAC adresite? Za sega gi gledam samo pod
Windows s "nbtstat".
Blagodaria!
Koito se zanimava s linux e dobra du6a! :o)
|
Отговор #1 |
От: TraiN (moonwatcher __@__ mail__dot__bg) |
Дата: 01/12/2003 |
Znachi poneje ne znam dokyde si se sprawil s
masquerade-inga. Priemam che si se sprawil i ti paste-wam
samo info-to za MAC match
------------------------------------------------------------
6.4.3.2. MAC match
The MAC (Ethernet Media Access Control) match can be used to
match packets based on their MAC source address. As of
writing this documentation, this match is a little bit
limited, however, in the future this may be more evolved and
may be more useful. This match can be used to match packets
on the source MAC address only as previously said.
Note
Do note that to use this module we explicitly load it with
the -m mac option. The reason that I am saying this is that
a lot of people wonder if it should not be -m mac-source,
which it should not.
Table 6-9. MAC match options
Match --mac-source
Example: iptables -A INPUT -m mac --mac-source
00:00:00:00:00:01
Explanation: This match is used to match packets based on
their MAC source address. The MAC address specified must be
in the form XX:XX:XX:XX:XX:XX, else it will not be legal.
The match may be reversed with an ! sign and would look like
--mac-source ! 00:00:00:00:00:01. This would in other words
reverse the meaning of the match, so that all packets except
packets from this MAC address would be matched. Note that
since MAC addresses are only used on Ethernet type networks,
this match will only be possible to use for Ethernet
interfaces. The MAC match is only valid in the PREROUTING,
FORWARD and INPUT chains and nowhere else.
------------------------------------------------------------
P.S. M/u drugoto ako si sys statichno IP te sywetwam wmesto
MASQUERADE da izpolzwash SNAT
|
Отговор #2 |
От: Anonymous |
Дата: 01/12/2003 |
A pyk za gledaneto na MAC-ovete na drugite, dokato PC-tata
im sa pusnati nai lesno:
ping $IP
arp -n | grep $IP
i ste vidish MAC-a mu
|
Отговор #3 |
От: ice_cool (icecool (a) obe4[ точка ]org) |
Дата: 01/13/2003 |
mojesh da si reshish si4kite problemi kato pusnesh edno
DHCPD neka vsi4ki mashini ot mrejata da si zimat IP-tata i
drugitenastroiki ot nego
piske s iptables:
iptables -A INPUT -m mac --mac-source ! xx:xx:xx:xx:xx:xx -j
DROP
tva se seki mac adres koito imash v DHCPD-to
|
Отговор #4 |
От: Abuser_ |
Дата: 01/20/2003 |
mdaaa, obache ima edin problem.
Znachi az sum v tozi LAN i ne se predpolaga da poluchavam
internet, demek ne sum si platil primerno :)
obache sum tarikat i si pravia edna tablichka na list
hartia: IP - MAC na userite, koito sa v LAN-a, po-tochno
interesuvat me samo tezi, deto sa si platili i poluchavat
internet. Sled tova izdebvam koga niakoe ot tezi pc-ta ne e
vklucheno. I togava s komandata ifconfig si zadavam negovoto
IP i MAC :))) Dokolkoto se seshtam, zavisi ot vida na NIC-a,
poniakoga ne stava, no primerno pri 3com NIC niama problemi.
E neka togava niakoi da mi ogranichi dostupa po IP/MAC ako
moje :)
|
<< kak da dobawia paket w rh 7.3 (1
) | Quake III (2
) >>
|
|
|
|
|