Author |
Message |
|
Post subject: viazanost mac - IP nie staticke routy
Posted: 14.03.2006 - 17:57 #32094
|
|
Ucen
Joined: Nov 04, 2003
Posts: 544
|
|
zdravim .
som uplny zaciatocnik v mikrotiku.
cez winbox som co to nastavil a net mi bezi super..
mam ale velke plany , ako ho zabezpecit..
nemozem tam najst viazanost IP/mac . v manuale su spomenute len staticke routy. a to prave nechcem. chcem mat prehlad ,ktory box zije a ktory nie.. cez arp monitoring.
viem ,ze iptables to umoznuje,,a je to spomenute aj tu na fore,,ale nie v pripade miktotiku. ako to nahodim priamo tam ?
dik za akekolvek info. |
|
|
|
|
|
|
Post subject: viazanost mac - IP nie staticke routy
Posted: 14.03.2006 - 18:20 #32097
|
|
Basic
Joined: Okt 21, 2005
Posts: 52
|
|
goose wrote: ›zdravim .
som uplny zaciatocnik v mikrotiku.
cez winbox som co to nastavil a net mi bezi super..
mam ale velke plany , ako ho zabezpecit..
nemozem tam najst viazanost IP/mac . v manuale su spomenute len staticke routy. a to prave nechcem. chcem mat prehlad ,ktory box zije a ktory nie.. cez arp monitoring.
viem ,ze iptables to umoznuje,,a je to spomenute aj tu na fore,,ale nie v pripade miktotiku. ako to nahodim priamo tam ?
dik za akekolvek info.
pravidlo vo firewall / filter rules
;;; (kontrola mac+ip)
chain=forward src-address=10.10.1.2 src-mac-address=00:00:00:00:00:00
action=accept |
|
|
|
|
|
|
Post subject: RE: viazanost mac - IP nie staticke routy
Posted: 25.06.2006 - 13:39 #37053
|
|
Basic
Joined: Jún 25, 2006
Posts: 8
|
|
no ano presne tak by som to robil aj ja ale ja tam mam este navyse logovanie. a hlavne nezabudni ak chces aby ti to fungovalo tak vsetky accept musia byt nad log, no a aby to malo zmysel tak aj drop. Nezabudaj na poradie.
add chain=forward src-address=192.168.100.18 src-mac-address=00:E0:4C:39:0D:7C \
action=accept comment="xxxx" disabled=no
add chain=forward src-address=192.168.100.20 src-mac-address=00:4F:62:04:AD:0C \
action=accept comment="yyyy" disabled=no
add chain=forward src-address=192.168.100.5 src-mac-address=00:4F:62:04:AD:0C \
action=accept comment="zzzz" disabled=no
add chain=forward src-address=192.168.100.0/24 action=log log-prefix="" \
comment="Logovanie nekorektnych vstupov" disabled=no
add chain=forward src-address=192.168.100.0/24 action=drop comment="Obmedzenie \
lokálnej siete pre konkrétnu IP a Mac adresu" disabled=no |
|
|
|
|
|
|
Post subject: RE: viazanost mac - IP nie staticke routy
Posted: 25.06.2006 - 14:15 #37054
|
|
Majster
Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
|
|
100rm: nezavisi to len tak nahodou od toho co chces logovat ? lebo ak chces logovat aj spojenia ktore su v accept, tak ked bude log az podtym tak sa k tomu pravidlu packety pravdepodobne nedostanu... |
|
|
|
|
|
|
Post subject: RE: viazanost mac - IP nie staticke routy
Posted: 25.06.2006 - 16:50 #37055
|
|
Basic
Joined: Jún 25, 2006
Posts: 8
|
|
Ehe mas recht. Pre mna je podstatne vediet kto si meni ip adresu s cielom lepsieho connectu, pripadne typka co tam nema co robit. Na to je to uplne super. Mam to odskusane tak viem co pisem. Ale kazdy podla svojho GHOOSTA |
|
|
|
|
|
|
Powered by PNphpBB2 © 2003-2005 The PNphpBB Group Credits |