I'm thinking the answer is no but I thought I'd ask anyway. Is there a way to find out the MAC address of an incoming connection using the logs generated with shorewall?

It would be nice that way if someone's IP changes you can at least still be blocking the MAC.

--
Joe
*** I can only please one person a day. Today is not your day and tomorrow doesn't look good either. ***

On Fri, 2003-08-22 at 11:09, Joe Gofton wrote:
> I'm thinking the answer is no but I thought I'd ask anyway. Is there a way
> to find out the MAC address of an incoming connection using the logs
> generated with shorewall?

Yes -- see FAQ 6d.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Fri, 2003-08-22 at 11:33, Tom Eastep wrote:
> On Fri, 2003-08-22 at 11:09, Joe Gofton wrote:
> > I'm thinking the answer is no but I thought I'd ask anyway. Is there a way
> > to find out the MAC address of an incoming connection using the logs
> > generated with shorewall?
>
> Yes -- see FAQ 6d.
>

I should add that you have to look at the raw log file -- "shorewall show log" strips out the Ethernet header display from log messages.

    fgrep <ip address> <log file>

should work. Of course that assumes that you are logging traffic from the subject IP address. Another way is to ping the ip address and then "arp -na" | fgrep <ip address>.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Doh. Sorry. Broke my own rtfm rule.

> On Fri, 2003-08-22 at 11:09, Joe Gofton wrote:
>> I'm thinking the answer is no but I thought I'd ask anyway. Is there a way
>> to find out the MAC address of an incoming connection using the logs
>> generated with shorewall?
>
> Yes -- see FAQ 6d.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
>

--
Joe
*** I can only please one person a day. Today is not your day and tomorrow doesn't look good either. ***

Why is this the only one that shows up in my log when all the IPs are different?

    root@dewy:/var/log# cat messages | grep Shorewall |awk '{print $8}' | wc -l
    2500

    MAC=00:80:c8:32:d5:a3:00:05:74:f0:10:8c:08:00

> On Fri, 2003-08-22 at 11:09, Joe Gofton wrote:
>> I'm thinking the answer is no but I thought I'd ask anyway. Is there a way
>> to find out the MAC address of an incoming connection using the logs
>> generated with shorewall?
>
> Yes -- see FAQ 6d.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
>

--
Joe
*** I can only please one person a day. Today is not your day and tomorrow doesn't look good either. ***

Cool. Thanks

> On Fri, 2003-08-22 at 11:33, Tom Eastep wrote:
>> On Fri, 2003-08-22 at 11:09, Joe Gofton wrote:
>> > I'm thinking the answer is no but I thought I'd ask anyway. Is there a way
>> > to find out the MAC address of an incoming connection using the logs
>> > generated with shorewall?
>>
>> Yes -- see FAQ 6d.
>>
>
> I should add that you have to look at the raw log file -- "shorewall
> show log" strips out the Ethernet header display from log messages.
>
>     fgrep <ip address> <log file>
>
> should work. Of course that assumes that you are logging
> traffic from the subject IP address. Another way is to ping the ip
> address and then "arp -na" | fgrep <ip address>.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
>

--
Joe
*** I can only please one person a day. Today is not your day and tomorrow doesn't look good either. ***

On Fri, 2003-08-22 at 11:44, Joe Gofton wrote:
> Why is this the only one that shows up in my log when all the IPs are
> different?
>
> root@dewy:/var/log# cat messages | grep Shorewall |awk '{print $8}' | wc -l
> 2500
>
> MAC=00:80:c8:32:d5:a3:00:05:74:f0:10:8c:08:00
>

Er -- MAC addresses are only meaningful for hosts on your immediate LAN segment. Any traffic routed through your ISP's gateway will arrive at your firewall with the source MAC address of that gateway's NIC.

It may be helpful for you to read the chapter on MAC addresses in the Shorewall Setup Guide.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

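Added example, not part of the original thread: a shell sketch that splits the MAC= field of raw log lines into its parts and counts distinct source IPs per source MAC, which shows why every routed packet carries the same MAC. It relies on the kernel's LOG output for Ethernet being the 14-byte header (6 bytes destination MAC, 6 bytes source MAC, 2 bytes EtherType), which the thread does not spell out; the function names and all log lines are constructed, and only the first MAC= value is the one quoted above.

```shell
#!/bin/sh
# Constructed, abbreviated sample lines in the netfilter LOG format of the raw log.
# Only the first MAC= value comes from the thread; all other addresses are made up.
sample_log() {
cat <<'EOF'
Aug 22 11:40:01 dewy kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:80:c8:32:d5:a3:00:05:74:f0:10:8c:08:00 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4021 DPT=135
Aug 22 11:40:03 dewy kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:80:c8:32:d5:a3:00:05:74:f0:10:8c:08:00 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=1187 DPT=445
Aug 22 11:40:04 dewy kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:80:c8:32:d5:a3:00:05:74:f0:10:8c:08:00 SRC=198.51.100.200 DST=192.0.2.10 PROTO=UDP SPT=1026 DPT=137
Aug 22 11:40:06 dewy kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:80:c8:32:d5:a3:00:05:74:f0:10:8c:08:00 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4022 DPT=135
Aug 22 11:40:08 dewy kernel: Shorewall:loc2fw:REJECT:IN=eth1 OUT= MAC=00:80:c8:11:22:33:00:0c:29:aa:bb:cc:08:00 SRC=192.0.2.23 DST=192.0.2.1 PROTO=TCP SPT=3301 DPT=23
Aug 22 11:40:09 dewy kernel: Shorewall:fw2net:REJECT:IN= OUT=eth0 MAC= SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=1050 DPT=6667
EOF
}

# Reads log lines on stdin; prints "SRC_IP SRC_MAC DST_MAC ETHERTYPE" per line.
# Lines without a full 14-octet Ethernet header (e.g. locally generated) are skipped.
split_mac_field() {
  awk '{
    mac = ""; src = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^MAC=/) mac = substr($i, 5)
      else if ($i ~ /^SRC=/) src = substr($i, 5)
    }
    # 14 octets as "xx:" pairs = 41 characters: dst(1-17) src(19-35) type(37-41)
    if (length(mac) != 41 || src == "") next
    print src, substr(mac, 19, 17), substr(mac, 1, 17), substr(mac, 37, 2) substr(mac, 40, 2)
  }'
}

# Reads log lines on stdin; prints "SRC_MAC distinct_source_ip_count", sorted.
# A MAC with many distinct IPs behind it is a router, not an individual host.
ips_per_src_mac() {
  split_mac_field |
    awk '!seen[$2 SUBSEP $1]++ { n[$2]++ } END { for (m in n) print m, n[m] }' |
    sort
}

sample_log | ips_per_src_mac
```

On a real system, feed the raw log file to `ips_per_src_mac` instead of `sample_log`; a source MAC that maps to many IPs is the upstream gateway, so blocking it blocks everything routed through that gateway.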