Author | Message |
---|---|
Topic: How to bind IP/MAC to specific interface ports w/ IPTables? | |
MonarchX Replies: 1 Views: 579 |
Forum: Advanced Networking Posted: Mon Jan 03, 2022 15:25 Subject: How to bind IP/MAC to specific interface ports w/ IPTables? |
How can I bind local IP addresses and/or MAC addresses to specific interfaces (eth0, br0, wlan0, etc.) via IPTables and/or EBTables and/or ARPTables? Assume default policy has to be ACCEPT.
The wa ... |
|
Topic: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? | |
MonarchX Replies: 14 Views: 2934 |
Forum: Advanced Networking Posted: Fri Nov 26, 2021 18:58 Subject: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? |
I think somewhere around here, it was explained in great detail why layer 2 filtering is not going to happen...
DDWRT SPI firewall works on WAN to LAN and LAN to WAN traffic ... |
|
Topic: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? | |
MonarchX Replies: 14 Views: 2934 |
Forum: Advanced Networking Posted: Fri Nov 26, 2021 11:12 Subject: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? |
Just to summarize, what I wanted from the initial thread was to find an answer on how to isolate 2 LAN clients on the same subnet and same VLAN (or no VLAN) via EBTables, but it doesn't appear to be possible, ... | |
Topic: Bridge ARP isolation via EBTables | |
MonarchX Replies: 13 Views: 3424 |
Forum: Advanced Networking Posted: Sun Nov 21, 2021 21:26 Subject: Bridge ARP isolation via EBTables |
I don't want to make yet another EBTables thread, but I'd like to know how to view EBTables counters. Command from EBTables manpages doesn't work. In fact, several guides state that EBTables is bugged ... | |
Topic: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? | |
MonarchX Replies: 14 Views: 2934 |
Forum: Advanced Networking Posted: Fri Nov 12, 2021 10:28 Subject: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? |
LAN Port to LAN Port is handled by the switch. The router does not see these packets and cannot filter them. As far as I have seen, no switch in dd-wrt supports filtering.
So is it DD-WRT firmware ... |
|
Topic: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? | |
MonarchX Replies: 14 Views: 2934 |
Forum: Advanced Networking Posted: Thu Nov 11, 2021 20:51 Subject: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? |
MAC address filtering (layer 2) can be done with ebtables or iptables. It's like whack-a-mole, you're dancing around a topic trying to find a solution for something that may not have one that is clea ... | |
Topic: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? | |
MonarchX Replies: 14 Views: 2934 |
Forum: Advanced Networking Posted: Thu Nov 11, 2021 12:00 Subject: What Layer 2 NetFilter/Filter tools exist for Non-Bridges? |
IPTables = Layer 3 filtering
ARPTables = ARP filtering
EBTables = Layer 2 filtering (including ARP), but only for Bridge interfaces
What NetFilter tools exist for Layer 2 filtering on Non-Bridge ... |
|
Topic: Abnormal ARP Request | |
MonarchX Replies: 4 Views: 1196 |
Forum: Advanced Networking Posted: Tue Nov 09, 2021 13:45 Subject: Abnormal ARP Request |
Wireshark labels those abnormal requests as "ARP Announce" and "Gratuitous". I assume my SysCTL.conf just ignores such requests. | |
Topic: Abnormal ARP Request | |
MonarchX Replies: 4 Views: 1196 |
Forum: Advanced Networking Posted: Tue Nov 09, 2021 9:59 Subject: Abnormal ARP Request |
I don't like to share more info than necessary about my topology, but what is going on seems to fit the definition of Gratuitous ARP Attack Cache Poisoning - https://github.com/mehiar/ARP-Poisoning-an ... | |
Topic: Abnormal ARP Request | |
MonarchX Replies: 4 Views: 1196 |
Forum: Advanced Networking Posted: Mon Nov 08, 2021 21:52 Subject: Abnormal ARP Request |
192.168.7.3 is a client device in 192.168.7.1/24 network, where 192.168.7.1 is gateway.
Request who-has 192.168.7.3 tell 192.168.7.3, length 28
Request who-has 192.168.7.3 tell 192.168.7.3, lengt ... |
|
Topic: Bridge ARP isolation via EBTables | |
MonarchX Replies: 13 Views: 3424 |
Forum: Advanced Networking Posted: Fri Oct 29, 2021 15:43 Subject: Bridge ARP isolation via EBTables |
I spent half a day figuring out why EBTables were killing off my WiFi - 0x888E (EAP over LAN) had to be accepted for WiFi to work. | |
Topic: Bridge ARP isolation via EBTables | |
MonarchX Replies: 13 Views: 3424 |
Forum: Advanced Networking Posted: Thu Oct 28, 2021 17:10 Subject: Bridge ARP isolation via EBTables |
I don't use DHCP for LAN and assign a static IP to each LAN device. I also assign and apply static ARP on-boot for each LAN device in the router and in the LAN DNS server. My EBTables rules do not allow for A ... | |
Topic: Bridge ARP isolation via EBTables | |
MonarchX Replies: 13 Views: 3424 |
Forum: Advanced Networking Posted: Thu Oct 28, 2021 9:53 Subject: Bridge ARP isolation via EBTables |
My RP has only 1 loopback interface and 1 Ethernet interface. It does not have any bridge (br0) interfaces. It connects to one of my router's Ethernet ports and shows up in my router's ARP table as a ... | |
Topic: Bridge ARP isolation via EBTables | |
MonarchX Replies: 13 Views: 3424 |
Forum: Advanced Networking Posted: Thu Oct 28, 2021 0:05 Subject: Bridge ARP isolation via EBTables |
Isn't EBTables supposed to work only for bridge interfaces? If such is the case, then EBTables rules for my Raspberry Pi (which has only one interface) should have no effect, but they do... | |
Topic: "Problem with specified source mac" NetFilter erro | |
MonarchX Replies: 4 Views: 1102 |
Forum: Advanced Networking Posted: Wed Oct 27, 2021 10:37 Subject: "Problem with specified source mac" NetFilter erro |
This is a bit off-topic, but when reading examples of anti-spoofing rules, examples mostly include source forwarding rules. Shouldn't anti-spoofing rules cover all directions? EBTables support syntax ... | |
All times are GMT |