Skip to main content

Howto Deploy Ethernet MAC Address Filtering on CommGate 3.x

  1. Download Notepad++ from http://notepad-plus.sourceforge.net/uk/site.htm to edit the following text files from a Windows PC. You can then convert the text files into Windows and UNIX modes easily.

  2. Using Notepad++, create a text file and save it as rc.firewall.macaddr in /etc/rc.d directory.

  1. Add all the Ethernet MAC Addresses into file /etc/rc.d/rc.firewall.macaddr (one MAC Address per line) to filter it via the firewall rules in the following format;

MACADDRS="\
11:22:33:44:55:66 \
aa:bb:cc:dd:ee:ff \
66:55:44:33:22:11"

Note: Please change the MAC addresses with your own.

  1. Using WinSCP3 (downloadable from http://winscp.net/eng/download.php), login to the CommGate 3.x system as user root and double-click on the following file /etc/rc.d/rc.firewall.local (Note: Save a copy of the original file for backup purposes before you edit it as a precaution).

  1. Add the customize rules to filter Ethernet MAC Address on the CommGate Shield 3.x firewall script located in /etc/rc.d/rc.firewall.local to allow traffic for authorized MAC addresses to the Internet or WAN interface (eth0).

Copy and paste these lines:

## Start of Ethernet MAC Address firewall script.
## The Ethernet Mac Address file must be located
## at "/etc/rc.d/rc.firewall.macaddr".
MACADDRS=`cat /etc/rc.d/rc.firewall.macaddr`

# This is where the IPTABLES firewall binary
# is located within the CommGate system.
IPTABLES=/sbin/iptables

# Create special table for Ethernet MAC Address

# Filtering with a table/chain name mac-allowed.
$IPTABLES -t nat -F mac-allowed 2>/dev/null
$IPTABLES -t nat -X mac-allowed 2>/dev/null
$IPTABLES -t nat -N mac-allowed

# Insert MAC address check into the
# NAT+PREROUTING table
$IPTABLES -t nat -I PREROUTING -i eth1 -j mac-allowed

# Add MAC addresses to our special table
for MAC in $MACADDRS; do
$IPTABLES -t nat -A mac-allowed -i eth1 -m mac --mac-source $MAC -j RETURN
done

# Drop all unrecognized MACs and change the
# LAN IP subnet 192.168.1.0/24 to your own
# LAN subnet. Refer to this website to
# calculate your Subnet Mask suffix as
# /24, /23, /32, etc.
$IPTABLES -t nat -A mac-allowed -i eth1 -d ! 192.168.1.0/24 -j DROP

## End of Ethernet MAC Address firewall script.


  1. Finally, check to make sure that the rc.firewall.macaddr file is uploaded to /etc/rc.d/ directory on the CommGate Shield system and restart the firewall as follow;

    service firewall restart

  2. Start testing your Internet/WAN access.

Labels:

Comments

Post a Comment

Popular posts from this blog

OpenProj - FREE alternative to Microsoft Project I wanted to share with all of you about Projity's important announcement last week at LinuxWorld. Projity announced the release of OpenProj, a FREE (yeah, another FREE software) and open source replacement of Microsoft Project. OpenProj is available on Windows, Linux, Unix or Mac and is interoperable with Microsoft Project. The best thing is, it even opens existing MS Project files! How cool is that? I read on OpenProj website that OpenProj has been downloaded on an average every 35 seconds around the clock at http://www.projity.com since they launched and made the software available last week. OpenProj is now in the 99.99th percentile for activity on Sourceforge.net and is quickly becoming one of the most used open source solutions worldwide. The OpenProj folks are expecting about 11 million worldwide users and in my opinion, this has been an excellent start for them. MS Project has been a key strategic solution for Micro...
1 comment
Read more
In early April 2006, I sign-up for the Excellerated Business School for Entrepreneurs (BSE) after a preview session held in Singapore by Executive-Directions. The seminar was held from 15 April to 23 April 2006 in Subang Jaya Hotel in Kuala Lumpur, Malaysia. The BSE in KL was organized by GlobeSL Sdn Bhd. I left Singapore on 14 April via Transtar , the only 1st class coach service which has 16 seats to create a lot of room for your leg. They also provide hot meal during the journey with hot drinks on demand. The seats are equipped with a massage chair, a personal in-flight entertainment system on LCD screen, PC Games and the F&B Attendant will provide anything that you ask for. From newspaper, magazines, blanket, hot/cold drinks, a new set of earphones for the entertainment system... they have it all. They are most courteous and polite at all times. I truly enjoy the Transtar service. For SG$50 from Singapore to KL, it's worth it. I arrived in Subang Jaya Hotel at about 10p...
Post a Comment
Read more

What Makes a Champion?

By NG Chang Siang, Education Success Coach MindChamps Holdings Ltd ‘’ What makes a champion is a champion mindset. The champion mindset is the transferable commodity, not the skill itself. If you have done something great in one field, you are far more likely to do it in another ‘’ --Professor Allan Snyder FRS I have a good friend who is a primary school teacher. He also takes on as a role of a coach in flaw ball for the students in his school. Guess what? He never play flaw ball before. Not even that, after he coached his students, they won a school team which was coached by a national flawball player. That day I met him in our soccer game as we play soccer together every Monday. He played soccer very well and represented his schools when he was very young. I ask him : “ How did you do it…?” “ How can someone with no flaw-ball playing experience train and beat another team whom has an experience coach?” He replied: “ Oh, I just use the strategy I know in playing soccer and apply...
Post a Comment
Read more