
Re: iptables/mac address filtering question

To: "Jay Sprenkle" <jsprenkle@gmail.com>, <netfilter@lists.netfilter.org>
Subject: Re: iptables/mac address filtering question
From: "Канивец Николай" <n_kanivets@futureservice.ru>
Date: Sat, 11 Aug 2007 22:41:13 +0400

Of course they do.
You will have the source IP address unchanged (if you do not perform SNAT on
any on-the-way router), but you will receive the source MAC address of the
router in the Ethernet segment nearest to your destination. In other words,
say you have 3 intermediate routers between your source and destination
machines. Your destination machine will "see" the MAC (Ethernet) address of
the third-on-the-way router, not that of your original machine.

regards,
Nikolay.

Best regards,
Николай Канивец
e-mail: n_kanivets@futureservice.ru
----- Original Message -----
From: "Jay Sprenkle" <jsprenkle@gmail.com>
To: <netfilter@lists.netfilter.org>
Sent: Saturday, August 11, 2007 9:46 PM
Subject: iptables/mac address filtering question


> Good morning all,
>
> I'm already aware mac address is easily spoofed but I'd like to make
> it just a little bit harder to break into my system anyway. I'm trying
> to only allow a specific box to use scp to safely transfer data over
> the internet.
>
> I've put in a rule in my iptables chain but notice when I try to
> connect it's rejected. The mac address I'm getting is not the same as
> what iwconfig reports on my device. If a packet is passed through
> routers on its way to my box do they change the mac address of the
> packet?
>
> Any suggestions would be welcome.
>
> Have a good weekend
>


