// you’re reading...

Keamanan

Firewalling IP Address dan MAC Address dengan iptables

By mujie November 26, 2005 Post a comment

Kasus, disini kita mempunya 3 client, yaitu :
IP Client 1 = 192.168.1.5
MAC Address 1 = 00:89:CD:64:01:EF

IP Client 2 = 192.168.1.20
MAC Address 1 = 00:90:DD:14:11:CF

IP Client 3 = 192.168.1.14
MAC Address 3 = 00:40:EE:21:26:GE

Semua client terkoneksi melalui ethernet (LAN Card/NIC) 1 yang diberi nama eth1.

Firewalling dengan metode pertama :

#drop semua prerouting di eth1
iptables -I PREROUTING -t nat -i eth1 -j DROP

#——————- client pertama————————
#accept IP 192.168.1.5 dengan mac address 00:89:CD:64:01:EF
iptables -I PREROUTING -t nat -i eth1 -s 192.168.1.5 \
-m mac –mac-source 00:89:CD:64:01:EF -j ACCEPT

#drop IP 192.168.1.5 dengan mac address 00:89:CD:64:01:EF
#jika menggantinya dengan IP lain selain dari 192.168.1.5
iptables -I FORWARD -i eth1 -s ! 192.168.1.5 \
-m mac –mac-source 00:89:CD:64:01:EF -j DROP

#drop prerouting IP 192.168.1.5 dengan mac address 00:89:CD:64:01:EF
#jika menggantinya dengan IP lain selain dari 192.168.1.5
iptables -I PREROUTING -t nat -s ! 192.168.1.5 \
-m mac –mac-source 00:89:CD:64:01:EF -j DROP

#——————- client kedua————————
#accept IP 192.168.1.20 dengan mac address 00:90:DD:14:11:CF
iptables -I PREROUTING -t nat -i eth1 -s 192.168.1.20 \
-m mac –mac-source 00:90:DD:14:11:CF -j ACCEPT

#drop IP 192.168.1.20 dengan mac address 00:90:DD:14:11:CF
#jika menggantinya dengan IP lain selain dari 192.168.1.20
iptables -I FORWARD -i eth1 -s ! 192.168.1.20 \
-m mac –mac-source 00:90:DD:14:11:CF -j DROP

#drop prerouting IP 192.168.1.20 dengan mac address 00:90:DD:14:11:CF
#jika menggantinya dengan IP lain selain dari 192.168.1.20
iptables -I PREROUTING -t nat -s ! 192.168.1.20 \
-m mac –mac-source 00:90:DD:14:11:CF -j DROP

Catatan :
Disini karena client 3 tidak masuk kedalam rules, maka tidak dapat melakukan koneksi, walaupun berganti IP Address yang sama dengan client 1 dan 2. Sedangkan client 1 dan 2 tetap dapat melakukan koneksi, selama tidak melakukan perubahan IP Address.

Bookmark : These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • blogmarks
  • Blue Dot
  • Furl
  • Netscape
  • Slashdot
  • Smarking
  • Taggly
  • Technorati
  • YahooMyWeb
  • Spurl
  • co.mments
  • Linkter
  • MisterWong
  • MyShare
  • Reddit
  • StumbleUpon
  • ThisNext
  • connotea
  • DotNetKicks
  • PlugIM
  • Simpy

Pages: 1 2 3

Print This PostTags: , ,
Sign up for PayPal and start accepting credit card payments instantly.

Discussion

2 comments for “Firewalling IP Address dan MAC Address dengan iptables”

  1. @dayakman : sipp kalo berhasil… ela jera mambasa blog ayungku tuh lah lew

    Posted by mujie | November 3, 2008, 5:11 am

  2. pake mikrotik juga bro…. kalo ip address nya nggak cocok sama mac address maka connection nya langsung di drop, sudah saya coba di tempat saya kerja & berhasil

    Posted by dayakman | November 2, 2008, 12:16 am

Post a comment

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

Click to hear an audio file of the anti-spam word



Personal Project

Bloglog


View | Join

Blogcatalog

Shoutbox