MAC vs. IP address check

airbilly
Post subject: RE: MAC vs. IP address check  Posted: 24.01.2007 - 19:50 #44809
Guru

Joined: Mar 13, 2005
Posts: 1867
Location: Nitra
pixall wrote: ›
airbilly wrote: ›
pixall wrote: › 100 entries on 200 MHz machines (w4k) and a brutal load of 0.00...

On Wi-Fi networks this makes no sense; it is enough to put the device into WISP mode, not give the customer access to it, and there is no need to deal with any MAC/IP filter. They simply cannot change that IP.

And what about the case where the client disconnects the device and hooks up his own? Or what about an outright intruder?

He has no right to swap the device; if he does, he has to clone the MAC in order to connect. By doing that, however, he violates the terms. MAC control runs on the AP.
I think some MAC + IP filter won't stop an intruder; he can easily capture the correct combination.

airbilly
Post subject: RE: MAC vs. IP address check  Posted: 24.01.2007 - 19:53 #44811
Guru

Joined: Mar 13, 2005
Posts: 1867
Location: Nitra
icerowicz wrote: ›
Yesterday it happened to me that a customer who had an IP assigned for his computer arbitrarily put a switch on the AP, connected a notebook and gave it an IP one higher than the one he had on the computer. And there was a conflict in the network :)

Precisely for these cases I have a DHCP server running on every LAN and AP, followed by shaping that lets unregistered IPs have only a small amount of traffic, about 130 kbit, and the lowest priority.

icerowicz
Post subject: RE: MAC vs. IP address check  Posted: 27.01.2007 - 19:00 #44899
Apprentice

Joined: Apr 12, 2006
Posts: 930
Location: Vranov nad Topľou
I'm deploying IPsec. The end :)

michalci
Post subject: RE: MAC vs. IP address check  Posted: 11.10.2007 - 13:42 #57743
Basic

Joined: Feb 26, 2005
Posts: 140
Location: Pieštany, countryside
Hello, I have an IP filter set up on a Linux gateway like this:

Code: ›
# allow traffic from the customer's IP arriving on eth0
iptables -A FORWARD -s 192.168.1.3 -i eth0 -j ACCEPT
# allow traffic going back to the customer's IP
iptables -A FORWARD -d 192.168.1.3 -j ACCEPT

The problem is that one user has started using another user's IP address, so I would like to extend the IP filter with the MAC address. I know that this can be bypassed too, but at least it will hold him up for a while. I would also like to extend iptables so that it sends its LOG to /usr/temp/

michalci
Post subject: RE: MAC vs. IP address check  Posted: 11.10.2007 - 17:08 #57752
Basic

Joined: Feb 26, 2005
Posts: 140
Location: Pieštany, countryside
Solved

Code: ›
# accept forwarded traffic only when the source IP comes from its registered MAC
iptables -A FORWARD -m mac --mac-source XX:XX:XX:XX:XX:XX -s 192.168.1.3 -j ACCEPT
iptables -A FORWARD -m mac --mac-source YY:YY:YY:YY:YY:YY -s 192.168.1.4 -j ACCEPT

+ reading out the correct MACs from the ARP table

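The approach from the post above (MAC+IP accept rules built from a list of correct MACs, with logging of everything else), as an added example that is not part of the original post: it generates the iptables commands from a registry and checks an ARP table against that registry. The registry, the ARP snapshot, all addresses and the function names `gen_rules` and `check_arp` are constructed assumptions; `eth0` and the `BAD_IPvsMAC` prefix are taken from the thread.

```shell
#!/bin/sh
# Constructed registry of allowed "IP MAC" pairs (sample values, not from the thread).
REGISTRY='192.168.1.3 00:11:22:33:44:55
192.168.1.4 00:11:22:33:44:66'

# Constructed snapshot in /proc/net/arp format: 192.168.1.4 appears with a
# foreign MAC and 192.168.1.9 is not registered at all.
ARP_SNAPSHOT='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.3      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.4      0x1         0x2         de:ad:be:ef:00:01     *        eth0
192.168.1.9      0x1         0x2         00:11:22:33:44:99     *        eth0'

# Print iptables commands for the registry on stdin: one ACCEPT per valid pair,
# then LOG and DROP for everything else entering on the LAN interface ($1).
gen_rules() {
    awk -v ifc="$1" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && length($2) == 17 &&
        $2 ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/ {
            printf "iptables -A FORWARD -i %s -s %s -m mac --mac-source %s -j ACCEPT\n", ifc, $1, $2
            next
        }
        NF { print "skipped invalid entry: " $0 > "/dev/stderr" }
        END {
            printf "iptables -A FORWARD -i %s -j LOG --log-prefix \"BAD_IPvsMAC \"\n", ifc
            printf "iptables -A FORWARD -i %s -j DROP\n", ifc
        }'
}

# Compare an ARP table on stdin with the registry ($1): report registered IPs
# seen with a different MAC and IPs that are not registered.
check_arp() {
    REG="$1" awk '
        BEGIN {
            n = split(ENVIRON["REG"], line, "\n")
            for (i = 1; i <= n; i++)
                if (split(line[i], f, " ") == 2) reg[f[1]] = tolower(f[2])
        }
        NR == 1 || $3 == "0x0" { next }    # header line, incomplete entries
        !($1 in reg)           { print "UNREGISTERED " $1 " " $4; next }
        reg[$1] != tolower($4) { print "MISMATCH " $1 " " $4 }
    '
}

printf '%s\n' "$REGISTRY" | gen_rules eth0
printf '%s\n' "$ARP_SNAPSHOT" | check_arp "$REGISTRY"
```

The LOG target writes to the kernel log, so sending these lines to a particular file is a matter of syslog configuration. The mac match sees only the source MAC of the directly attached segment, so the rules belong on the gateway that shares a layer-2 segment with the customers.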
Express
Post subject: RE: MAC vs. IP address check  Posted: 11.10.2007 - 22:16 #57761
Basic

Joined: Jul 04, 2007
Posts: 476

Robert wrote: › The question is how it is implemented in that system. Hopefully it uses some of those hash tables or at least binary trees. If it had to be searched linearly, with 600 entries it would really be painful.

[spam]
It won't be hash tables, given what I read about how much it loads the processor, because with hashing the performance is better than with the most ingenious tree structure; maybe it is an ADT array, but even that shouldn't load the computer that much
[/spam] :D

matos1
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 13:58 #60694
Apprentice

Joined: Sep 06, 2004
Posts: 684
Location: border with Ukraine...
Code: ›
add chain="forward" src-address=192.168.2.x/32 src-mac-address=00:00:00:00:00:00 action=accept comment="Jmeno uživatele" disabled=no

Code: ›
add chain="forward" src-address=192.168.2.0/24 action=drop comment="Stop ostatni nezadane adresy" disabled=no

Could someone tell me how I should set this up? I have this topology.
The problem is that if I create a rule like this on the top left, it doesn't work for the 192.168.0.x subnet, only if I did it on the MK on the top right.

andreas4all
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 14:28 #60695
Master

Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
a small village near PD

You have to add input-interface to that rule, because otherwise it is applied to all interfaces.

Thomas
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 14:32 #60696
Master

Joined: Oct 31, 2006
Posts: 2062
Location: TT
Do it via mangle: mark the packets that match MAC+IP, for example with the mark OK; likewise mark the packets from the individual subnets, so also as OK, and then create a rule that drops everything that doesn't have the OK mark.

matos1
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 15:11 #60698
Apprentice

Joined: Sep 06, 2004
Posts: 684
Location: border with Ukraine...
For andreas4all: it doesn't work this way - packets and bytes are still 0.
For Thomas: can you spell it out in more detail?

Thomas
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 15:49 #60700
Master

Joined: Oct 31, 2006
Posts: 2062
Location: TT
Mark with the tag OK the packets that meet the IP+MAC condition and enter on interface TEST

Code: ›
add action=mark-packet chain=input comment="" \
    in-interface=TEST new-packet-mark=OK passthrough=yes \
    src-address=172.17.222.1 src-mac-address=AA:AA:AA:AA:AA:0A

Then drop what has no business being there, i.e. whatever doesn't have the OK tag and enters on interface TEST

Code: ›
add action=drop chain=input comment="" disabled=no in-interface=TEST packet-mark=!OK

Of course, change the IPs and interface names as you need.

andreas4all
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 15:59 #60701
Master

Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
a small village near PD

To matos1 > interesting... then I don't know why people on our network can't change their IP, in that it then stops working for them....

Code: ›
chain=forward action=accept in-interface=wlan_AP1 src-address=192.168.1.25 src-mac-address=MM:AA:CC:MM:AA:CC

and at the end a drop, or before it also logging, or possibly adding to a src-list

Code: ›
;;; ADD_SRC-LIST_BAD_IPvsMAC
     chain=forward action=add-src-to-address-list in-interface=wlan_AP1 address-list=BAD_IPvsMAC
     address-list-timeout=1w3d

chain=forward action=log in-interface=wlan_AP1 log-prefix="BAD_IPvsMAC"

chain=forward action=drop in-interface=wlan_AP1

lol
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 18:47 #60706
Apprentice

Joined: Jan 15, 2005
Posts: 768

Why are you solving it in such a complicated way? A nicer solution is a static ARP table, and it doesn't needlessly burden the CPU with so many FW rules.

andreas4all
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 22:08 #60721
Master

Joined: Dec 09, 2004
Posts: 2539
Location: L.A.
a small village near PD

Lately I've been solving it the way lol does.

Thomas
Post subject: RE: MAC vs. IP address check  Posted: 16.01.2008 - 22:29 #60722
Master

Joined: Oct 31, 2006
Posts: 2062
Location: TT
Well, for me it's not really about the processor; wherever possible we build the nodes on PCs, so there is plenty of headroom for things like this, and on the main GW only NAT and shaping are done and an FUP script runs there.
