iptables logs the same MAC address over and over...
Hi all,
Well, let's get straight to the point.
I use the touchterm app for iPhone to monitor my server while on the road. But for security reasons I have port 22 open for some IP addresses (work, home, school), which is OK when I am on a wifi connection in these places, but I wanted to improve my iptables skills and add a MAC address filter.
So I used the syslog, in which iptables logs, to check what the MAC address of my iPhone was while it's on the 3G connection.
Well, it logs the craziest MAC address I have ever seen in my sysadmin lifetime, 00:XX:48:XX:2d:XX:00:XX:23:XX:00:XX:08:XX. The XX's are my doing for security reasons, go figure :-p
This is only the tip of the iceberg: this MAC is logged for every entry in all my logs. Since I never was interested in this kind of info I never noticed this, but now I really want to know what kind of crazy problem this is. Does anybody have this problem? Why isn't my log as accurate as it should be? What is this weird kernel thinking?
Running Ubuntu 8.04 Hardy Heron
uname -a
Linux XXXX 2.6.24-23-server #1 SMP Wed Apr 1 22:22:14 UTC 2009 i686 GNU/Linux
Well, that's too long for a MAC address, which is only 12 hex characters, but the MAC address *SHOULD* be the same, as it should be the MAC of the upstream router. Remember that MAC addresses are only relevant to the local subnet (so why you've "secured" it I've no idea), not the wider layer 3 world.
Original Poster
Well, OK, thanks for pointing that out, but this still leaves me with the question that iptables is logging incorrect MAC addresses and I don't know why...
MAC=00:30:48:25:2d:48:00:04:23:09:00:e6:08:00
is an ethernet mac header
00:30:48:25:2d:48 is the destination, your server
00:04:23:09:00:e6 is the src, the gateway router of your server, Intel
08:00 is IPv4
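
The breakdown in the reply above, as an added example that is not part of the original thread: a small parser that splits the `MAC=` field of an iptables LOG line into destination, source and EtherType. The log line is constructed around the MAC value quoted in the reply; the host name, IP addresses, ports and the function name `parse_mac_field` are assumptions.

```python
import re

# Well-known EtherType values (small subset).
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q VLAN"}

# MAC= followed by colon-separated hex octets; the value may also be empty.
MAC_FIELD = re.compile(r"\bMAC=((?:[0-9a-fA-F]{2}:)*[0-9a-fA-F]{2})?(?=\s|$)")

# Constructed sample line: only the MAC= value comes from the thread.
SAMPLE = ("Apr  1 22:30:01 host kernel: IN=eth0 OUT= "
          "MAC=00:30:48:25:2d:48:00:04:23:09:00:e6:08:00 "
          "SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=50000 DPT=22")


def parse_mac_field(log_line):
    """Split the MAC= field of an iptables LOG line into Ethernet header parts.

    Returns None when the field is absent or empty, otherwise a dict.
    """
    m = MAC_FIELD.search(log_line)
    if not m or not m.group(1):
        return None  # nothing to decode
    octets = m.group(1).lower().split(":")
    if len(octets) != 14:
        # Not a 14-byte Ethernet II header; report it raw rather than guess.
        return {"ethernet": False, "raw": ":".join(octets)}
    ethertype = int(octets[12] + octets[13], 16)
    return {
        "ethernet": True,
        "dst": ":".join(octets[0:6]),    # interface that received the frame
        "src": ":".join(octets[6:12]),   # last layer-2 hop, e.g. the gateway
        "ethertype": ethertype,
        "protocol": ETHERTYPES.get(ethertype, "unknown"),
    }


if __name__ == "__main__":
    hdr = parse_mac_field(SAMPLE)
    print("dst (this host):   ", hdr["dst"])
    print("src (previous hop):", hdr["src"])
    print("ethertype:          0x%04x (%s)" % (hdr["ethertype"], hdr["protocol"]))
```

The `src` value is always the neighbour on the local segment that handed the frame to the server, so for traffic arriving through a router it identifies the router, not the remote client.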
Original Poster
OK, well, thank you, great reply!
But why is my logfile not showing the MAC address of the machine trying to connect to my server? This should be logged, right? Or am I missing an iptables syntax?
As I said above, MAC is layer 2 data, so it does not persist across a router. A remote device's MAC address is really of no interest to you, and it's impossible to know it from a standard IP packet.