
Mailing List Archive: iptables: User

iptables/mac address filtering question

 

 



jsprenkle at gmail

Aug 11, 2007, 10:46 AM

Post #1 of 2 (810 views)

Good morning all,

I'm already aware mac address is easily spoofed but I'd like to make
it just a little bit harder to break into my system anyway. I'm trying
to only allow a specific box to use scp to safely transfer data over
the internet.

I've put in a rule in my iptables chain but notice when I try to
connect it's rejected. The mac address I'm getting is not the same as
what iwconfig reports on my device. If a packet is passed through
routers on its way to my box do they change the mac address of the
packet?

Any suggestions would be welcome.

Have a good weekend


n_kanivets at futureservice

Aug 11, 2007, 11:41 AM

Post #2 of 2 (752 views)
Re: iptables/mac address filtering question [In reply to]

Of course they do.
You will have the source IP address unchanged (if you do not perform SNAT on
any on-the-way router), but you will receive the source MAC address of the
router in the Ethernet segment nearest to your destination. In other words,
say you have 3 intermediate routers between your source and destination
machines. Your destination machine will "see" the MAC (Ethernet) address of
the third-on-the-way router, not your original machine.

regards,
Nikolay.

Best regards,
Nikolay Kanivets
e-mail: n_kanivets [at] futureservice
----- Original Message -----
From: "Jay Sprenkle" <jsprenkle [at] gmail>
To: <netfilter [at] lists>
Sent: Saturday, August 11, 2007 9:46 PM
Subject: iptables/mac address filtering question


> Good morning all,
>
> I'm already aware mac address is easily spoofed but I'd like to make
> it just a little bit harder to break into my system anyway. I'm trying
> to only allow a specific box to use scp to safely transfer data over
> the internet.
>
> I've put in a rule in my iptables chain but notice when I try to
> connect it's rejected. The mac address I'm getting is not the same as
> what iwconfig reports on my device. If a packet is passed through
> routers on its way to my box do they change the mac address of the
> packet?
>
> Any suggestions would be welcome.
>
> Have a good weekend
>
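
The three-router case from the reply, as an added example that is not part of either post: it builds a real Ethernet II + IPv4 header, forwards it through three hops the way a router does (new Ethernet header, TTL decremented, checksum recomputed), and returns the fields a packet filter on the destination can match on. All MAC and IP addresses are constructed sample values, and the function names are this example's own.

```python
import struct

def checksum(hdr: bytes) -> int:
    """RFC 1071 ones'-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl=64) -> bytes:
    """Ethernet II header plus a bare IPv4 header (protocol 6 = TCP, no payload)."""
    addrs = bytes(int(p) for p in (src_ip + "." + dst_ip).split("."))
    hdr = struct.pack("!BBHHHBBH8s", 0x45, 0, 20, 0, 0, ttl, 6, 0, addrs)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + hdr

def route(frame: bytes, egress_mac: str, next_hop_mac: str) -> bytes:
    """One router hop: new Ethernet header, TTL - 1, new checksum, IP addresses untouched."""
    hdr = bytearray(frame[14:34])
    hdr[8] -= 1                      # TTL
    hdr[10:12] = b"\x00\x00"         # zero the checksum field before recomputing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return mac(next_hop_mac) + mac(egress_mac) + frame[12:14] + bytes(hdr)

def seen_by_filter(frame: bytes) -> dict:
    """The fields a packet filter on the receiving host can match on."""
    return {"mac_src": frame[6:12].hex(":"),
            "ip_src": ".".join(str(b) for b in frame[26:30]),
            "ttl": frame[22]}

# Constructed sample topology: client -> R1 -> R2 -> R3 -> server.
CLIENT_MAC, SERVER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:99"
CLIENT_IP, SERVER_IP = "198.51.100.7", "203.0.113.10"
# (ingress MAC, egress MAC) per router; the values are made up for the example.
ROUTERS = [("02:00:00:00:0a:00", "02:00:00:00:0a:01"),
           ("02:00:00:00:0b:00", "02:00:00:00:0b:01"),
           ("02:00:00:00:0c:00", "02:00:00:00:0c:01")]

def deliver() -> bytes:
    """Send one packet from the client and return the frame the server receives."""
    frame = build_frame(CLIENT_MAC, ROUTERS[0][0], CLIENT_IP, SERVER_IP)
    next_hops = [r[0] for r in ROUTERS[1:]] + [SERVER_MAC]
    for (_, egress), nxt in zip(ROUTERS, next_hops):
        frame = route(frame, egress, nxt)
    return frame
```

`seen_by_filter(deliver())` reports the third router's egress MAC as the source MAC while the source IP is still the client's, so a MAC match on the destination can only ever identify hosts on its own Ethernet segment.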
