
Firewalling IP Addresses and MAC Addresses with iptables

Sometimes, as network administrators, we have to deal with a few "rogue" clients who like to change their IP address, even though we have already blocked that client's IP address during certain hours or from accessing a particular site.
Here I can share a little on how we can handle this "naughtiness" so that clients cannot change their IP address whenever they please. I assume you already know at least what an IP address and a MAC address are. For the experiment here I use the Linux distribution ClarkConnect Home Edition version 3.0, which ships with iptables version 1.2.11. Colleagues may use other Linux distributions.

Gains and losses:

* The advantage is that we can easily monitor the "movement" of clients and do logging for network administration or any other analysis we need, because clients cannot change their IP address.
* The drawback is that if a client's network interface hardware is damaged and replaced, we must reconfigure the firewall rules with the new MAC address. But such damage is very rare.


There are two methods that I use here, and colleagues may choose either of them:

* First, we register the IP address and MAC address of every client and allow nothing else to connect, so that our clients cannot change their IP address. If an IP and MAC address pair is not listed in the firewall rules, that client cannot connect.
* Second, we only pin the particular IP and MAC address pairs that we do not want to change their IP address. Here, a client with a new IP address and a new MAC address can still connect.


Case: here we have three clients, namely:
Client 1 IP = 192.168.1.5
Client 1 MAC Address = 00:89:CD:64:01:EF

Client 2 IP = 192.168.1.20
Client 2 MAC Address = 00:90:DD:14:11:CF

Client 3 IP = 192.168.1.14
Client 3 MAC Address = 00:40:EE:21:26:GE

All clients are connected through Ethernet (LAN card / NIC) on the single interface named eth1.

Firewalling with the first method:

# Note: iptables 1.2.x (as used here) writes source negation as "-s ! ADDR";
# current iptables versions expect "! -s ADDR" instead.

# Drop all PREROUTING traffic arriving on eth1 (inserted first, so the
# per-client rules inserted afterwards with -I are evaluated before it)
iptables -I PREROUTING -t nat -i eth1 -j DROP

#------------------- The first client ------------------------
# Accept IP 192.168.1.5 from MAC address 00:89:CD:64:01:EF
iptables -I PREROUTING -t nat -i eth1 -s 192.168.1.5 \
    -m mac --mac-source 00:89:CD:64:01:EF -j ACCEPT

# Drop forwarded traffic from MAC address 00:89:CD:64:01:EF
# if it uses any IP address other than 192.168.1.5
iptables -I FORWARD -i eth1 -s ! 192.168.1.5 \
    -m mac --mac-source 00:89:CD:64:01:EF -j DROP

# Drop prerouting traffic from MAC address 00:89:CD:64:01:EF
# if it uses any IP address other than 192.168.1.5
iptables -I PREROUTING -t nat -s ! 192.168.1.5 \
    -m mac --mac-source 00:89:CD:64:01:EF -j DROP

#------------------- The second client ------------------------
# Accept IP 192.168.1.20 from MAC address 00:90:DD:14:11:CF
iptables -I PREROUTING -t nat -i eth1 -s 192.168.1.20 \
    -m mac --mac-source 00:90:DD:14:11:CF -j ACCEPT

# Drop forwarded traffic from MAC address 00:90:DD:14:11:CF
# if it uses any IP address other than 192.168.1.20
iptables -I FORWARD -i eth1 -s ! 192.168.1.20 \
    -m mac --mac-source 00:90:DD:14:11:CF -j DROP

# Drop prerouting traffic from MAC address 00:90:DD:14:11:CF
# if it uses any IP address other than 192.168.1.20
iptables -I PREROUTING -t nat -s ! 192.168.1.20 \
    -m mac --mac-source 00:90:DD:14:11:CF -j DROP

Note:
Here, because client 3 is not listed in the rules, it cannot connect, even if it changes its IP address to the same address as client 1 or client 2. Meanwhile, clients 1 and 2 can still connect, as long as they do not change their IP address.


Firewalling with the second method:

#------------------- The first client ------------------------
# Drop forwarded traffic from MAC address 00:89:CD:64:01:EF
# if it uses any IP address other than 192.168.1.5
iptables -I FORWARD -i eth1 -s ! 192.168.1.5 \
    -m mac --mac-source 00:89:CD:64:01:EF -j DROP

# Drop prerouting traffic from MAC address 00:89:CD:64:01:EF
# if it uses any IP address other than 192.168.1.5
iptables -I PREROUTING -t nat -s ! 192.168.1.5 \
    -m mac --mac-source 00:89:CD:64:01:EF -j DROP

#------------------- The second client ------------------------
# Drop forwarded traffic from MAC address 00:90:DD:14:11:CF
# if it uses any IP address other than 192.168.1.20
iptables -I FORWARD -i eth1 -s ! 192.168.1.20 \
    -m mac --mac-source 00:90:DD:14:11:CF -j DROP

# Drop prerouting traffic from MAC address 00:90:DD:14:11:CF
# if it uses any IP address other than 192.168.1.20
iptables -I PREROUTING -t nat -s ! 192.168.1.20 \
    -m mac --mac-source 00:90:DD:14:11:CF -j DROP

Note:
Here, although client 3 is not listed in the rules, it can still connect, even if it changes its IP address, as long as the new address is not the same as client 1's or client 2's. Clients 1 and 2 can also still connect, as long as they do not change their IP address.
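Both methods above are the same two rule templates applied once per client, so they are easy to generate from a table. The script below is an added example (not part of the original article) that prints the rules for either method from a constructed client list; it assumes a current iptables, which writes negation as "! -s", and it validates each MAC before emitting rules for it.

```shell
#!/bin/sh
# Emits the IP/MAC pinning rules from a client table instead of running them,
# so the ruleset can be reviewed first (apply with: sh gen_rules.sh 1 | sh).
# Assumes a current iptables, which writes negation as "! -s ADDR";
# iptables 1.2.x (the version in the article) wrote "-s ! ADDR".
IFACE="eth1"

# Constructed client table ("IP MAC" per line), same values as the article.
CLIENTS="192.168.1.5 00:89:CD:64:01:EF
192.168.1.20 00:90:DD:14:11:CF"

# Succeeds only if the argument is six colon-separated hex octets.
valid_mac() {
    echo "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Pin one IP to one MAC: a known MAC sending from any other IP is dropped,
# in nat PREROUTING and in FORWARD, as the article's per-client rules do.
pin_rules() {
    ip="$1"; mac="$2"
    echo "iptables -I PREROUTING -t nat -i $IFACE ! -s $ip -m mac --mac-source $mac -j DROP"
    echo "iptables -I FORWARD -i $IFACE ! -s $ip -m mac --mac-source $mac -j DROP"
}

# gen_rules METHOD: 1 = only registered pairs may connect, 2 = pin listed pairs only.
gen_rules() {
    method="$1"
    # Method 1 opens with the default drop; every later -I lands above it,
    # so the per-client ACCEPT rules are evaluated first.
    [ "$method" = 1 ] && echo "iptables -I PREROUTING -t nat -i $IFACE -j DROP"
    echo "$CLIENTS" | while read -r ip mac; do
        [ -z "$ip" ] && continue
        if ! valid_mac "$mac"; then
            echo "# skipped $ip: '$mac' is not a valid MAC address"
            continue
        fi
        [ "$method" = 1 ] && echo "iptables -I PREROUTING -t nat -i $IFACE -s $ip -m mac --mac-source $mac -j ACCEPT"
        pin_rules "$ip" "$mac"
    done
}

gen_rules "${1:-1}"
```

The mac match only sees the source MAC of frames arriving directly on eth1, so it applies to hosts on that Ethernet segment; traffic that reaches the firewall through another router carries that router's MAC instead.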

From here, colleagues can develop this further, for instance by limiting the bandwidth of a particular client's IP address, or by allowing only browsing but not chat during certain hours.
