Reputation: 1222
I'm setting up a WAMP/LAMP stack on an old PC. This computer will be connected to a local network with about a dozen other PCs. I'm interested in limiting access from everyone else's computers, so that only my partner and I can access our local server. The best way, I think, to do this is to block out everyone else's MAC address (the router assigns IPs automatically, so I don't want to be dependent on that). I'd like to add that I don't have access to the router's config page, so this would have to be done from the server itself.
Can anyone expand on how this is done?
Upvotes: 1
Views: 9333
Reputation: 1635
Linux/iptables, the sort-of blacklist way; this will drop all traffic originating from the specified MAC addresses:
iptables -I INPUT 1 -m mac --mac-source <blacklisted mac 1> -j DROP
iptables -I INPUT 1 -m mac --mac-source <blacklisted mac 2> -j DROP
However, I'm not really sure if this is what you want; the MAC address isn't really a reliable method of filtering your traffic. Most modern NICs allow you to change your MAC address, and if the IP packet that the Ethernet frame encapsulates has passed through a router, the source MAC address on the Ethernet frame is going to be that of the last router it passed through and not the originating computer.
I would suggest looking into mod_auth_basic or something similar; it's much more forgiving than iptables when making mistakes. And if you do decide to go down the iptables route, I would suggest more of a whitelisting approach where iptables drops certain traffic by default and then allows through what you want.
iptables -A INPUT -p tcp --dport 80 -m mac --mac-source <your mac> -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m mac --mac-source <your partners mac> -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
Upvotes: 3
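The whitelist from the answer above, generated with input validation so that a mistyped address cannot produce a partial rule set that ends in DROP. This is an added example, not part of the original answer; the function names `is_mac` and `mac_allow_rules` and the MAC addresses are constructed for illustration, and the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print (not apply) a default-drop MAC allow-list for one TCP port.
# The MAC addresses used below are constructed sample values.

# is_mac STRING -> exit 0 if STRING is six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# mac_allow_rules PORT MAC... -> prints iptables commands on stdout.
# Every argument is validated first; on any error nothing is printed, so a typo
# cannot leave a half-built rule set whose only effective rule is the DROP.
mac_allow_rules() {
    port=$1
    shift
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "need at least one MAC" >&2; return 1; }
    for mac in "$@"; do
        is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    for mac in "$@"; do
        # Normalise case so the generated rules are easy to diff and audit.
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        echo "iptables -A INPUT -p tcp --dport $port -m mac --mac-source $mac -j ACCEPT"
    done
    # Final rule: everything else aimed at this port is dropped.
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Review the output, then pipe it to `sh` as root to apply it.
mac_allow_rules 80 00:11:22:aa:bb:01 00:11:22:aa:bb:02
```

The `mac` match only sees the source address of the Ethernet frame as it arrives on the server, so the limits described in the answer (changeable MAC addresses, traffic that has crossed a router) apply to these rules as well.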
Reputation: 4258
If you can't fiddle with the router then you have to implement restrictions on the server itself: depending on how paranoid you want to be, a few options that spring to mind are:
Upvotes: 1
Reputation: 40497
The first place to look is your router's control panel. Usually routers (at least for wireless) allow access control based on physical addresses.
The second thing to help you is the firewall. Look for a firewall which limits access by MAC address (if you are using Linux I'm pretty sure it already has this capability; on my Wintel I'm using Comodo Personal Firewall, which allows me to filter by physical address).
Upvotes: 1