How to log MAC address of computer trying to access blocked IP?

Discussion in 'Tomato Firmware' started by Dataa, May 30, 2014.

  1. Dataa

    Dataa Network Newbie Member

I would like to log the MAC address of the computer trying to access a certain IP address, so I can block that MAC address at a later time.

    iptables -I FORWARD -d <external ip address to be blocked> -j REJECT
    iptables -I FORWARD -d <external ip address to be blocked> -j LOG

The log only contains the internal IP address of the culprit. I would like the log to also contain the MAC address, so it is easier to identify the device.

    Example of the log:
    May 30 15:29:31
    unknown user.warn kernel:
    SRC=<internal ip of the culprit>
    DST=<external ip address to be blocked>
    SYN URGP=0

    P.S. I know that I can find out the MAC of the device by using the IP address. However, the IP is dynamic, and this network is free, unsecured WiFi. Many devices connect to this network and it is possible that another device may get assigned the same IP later on. That is why I want to log the MAC of the device at the time it tries to access the blocked IP address.
    Device I am using to experiment: WRT54GL
    Running Tomato by Shibby: 1.28.0005 112 ND VPN
  2. koitsu

    koitsu Network Guru Member

    You need to use the -m mac argument (to enable the netfilter mac module, which allows for MAC-based matching), and then use the --mac-source aa:bb:cc:dd:ee:ff flag to match the MAC address. This will work regardless of what IP address the client has.

    What chain (INPUT/OUTPUT/FORWARD) and table (nat vs. filter) this goes into is somewhat of a separate topic and to be completely honest I can't remember -- I think it goes into FORWARD but I'm not 100% sure, so I'd wait 'til someone else can answer.
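An added example (not from the thread) that ties the LOG rule in the question to the `-m mac --mac-source` rule koitsu describes: it reads the lines the iptables LOG target writes to the kernel log, takes the client MAC from the MAC= field that the LOG target prints for packets arriving on an interface with a link-layer header (such as the LAN bridge br0), and prints one REJECT rule per distinct client. The sample log lines, the "BLOCKED-IP" log prefix, interface names and all addresses are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. The MAC= field of an iptables LOG
# line holds 14 colon-separated hex bytes: destination MAC, source MAC, then
# EtherType. Octets 7-12 are therefore the MAC of the client that sent the
# packet. Lines without MAC= (e.g. packets that came in on a tun/VPN interface,
# which has no link-layer header) are skipped.

# Constructed sample log lines (prefix, interfaces and addresses are made up).
# Note the third line: the same client MAC later shows up with a different IP.
SAMPLE_LOG='May 30 15:29:31 unknown user.warn kernel: BLOCKED-IP IN=br0 OUT=vlan1 MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:ff:08:00 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1234 DF PROTO=TCP SPT=50123 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 15:30:02 unknown user.warn kernel: BLOCKED-IP IN=br0 OUT=vlan1 MAC=00:11:22:33:44:55:de:ad:be:ef:00:01:08:00 SRC=192.168.1.51 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1235 DF PROTO=TCP SPT=50124 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 15:30:40 unknown user.warn kernel: BLOCKED-IP IN=br0 OUT=vlan1 MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:ff:08:00 SRC=192.168.1.77 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1236 DF PROTO=TCP SPT=50125 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 15:31:05 unknown user.warn kernel: BLOCKED-IP IN=tun21 OUT=vlan1 SRC=10.8.0.6 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1237 DF PROTO=TCP SPT=50126 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'

# Print "SRC_IP SRC_MAC" for one LOG line; return 1 when there is no MAC= field.
src_mac_of_line() {
    src=$(printf '%s\n' "$1" | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p')
    mac=$(printf '%s\n' "$1" | sed -n 's/.*MAC=\([0-9a-fA-F:]*\).*/\1/p')
    [ -n "$mac" ] || return 1
    printf '%s %s\n' "$src" "$(printf '%s\n' "$mac" | cut -d: -f7-12)"
}

# Read LOG lines on stdin and print one FORWARD REJECT rule per distinct
# client MAC, in the form koitsu's reply describes (-m mac --mac-source).
block_rules_from_log() {
    while IFS= read -r line; do
        src_mac_of_line "$line" || continue
    done | awk '!seen[$2]++ {
        printf "iptables -I FORWARD -m mac --mac-source %s -j REJECT\n", $2 }'
}

# Stand-alone run: show the rules the sample log would produce.
printf '%s\n' "$SAMPLE_LOG" | block_rules_from_log
```

On a router the same functions can be fed the real kernel log instead of SAMPLE_LOG; the printed rules are only displayed, not applied.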
