bottleneck
Choose style:

Author Topic: Mac Filtering Issue  (Read 10123 times)

0 Members and 1 Guest are viewing this topic.

Offline Appendices

  • Newbie
  • Posts: 4
  • Thanks: 0
  • Registered : 14/10/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Mac Filtering Issue
« on: October 14, 2013, 02:33:15 pm »
I want the router to only accept MACs that I have pre-approved for use. I turned on mac filtering through my web browser, with the default drop setting. When I try to add a MAC address to be accepted by the filter, it adds the rule, but that device still can't connect.

Offline Patrick Wilson

  • Cashew
  • ****
  • Posts: 220
  • Thanks: 0
  • Registered : 21/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: Mac Filtering Issue
« Reply #1 on: October 15, 2013, 10:14:05 pm »
I want the router to only accept MACs that I have pre-approved for use. I turned on mac filtering through my web browser, with the default drop setting. When I try to add a MAC address to be accepted by the filter, it adds the rule, but that device still can't connect.

Thank-you for bringing this to our attention.  I am doing some testing with the WebUI and the effects of settting changes thereof.


When I check the effects of these rules,  they seem to be in place,  but like you,  I've noted they aren't effectual.  I noted the following: 

Code: [Select]
~ # iptables -L -v
Chain INPUT (policy ACCEPT 35811 packets, 4055K bytes)
 pkts bytes target     prot opt in     out     source               destination         
35811 4055K malicious_input_filter  all  --  any    any     anywhere             anywhere           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
66477   16M web_filter  all  --  any    any     anywhere             anywhere           
66477   16M macipport_filter  all  --  any    any     anywhere             anywhere           
    0     0 malicious_filter  all  --  any    any     anywhere             anywhere           
    0     0 TCPMSS     tcp  --  any    any     anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT 17906 packets, 4104K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain macipport_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  any    any     anywhere             anywhere            MAC 00:15:58:C9:3F:9D tcp dpt:80
    0     0 DROP       tcp  --  any    any     anywhere             anywhere            MAC 20:10:7A:DB:BE:96 tcp dpt:80
   68 15802 DROP       tcp  --  any    any     anywhere             anywhere            MAC 00:1B:77:95:67:66 tcp dpt:80
  178 26729 ACCEPT     all  --  any    any     anywhere             anywhere           

Chain malicious_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 synflood_filter  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN

Chain malicious_input_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  450 27000 synflood_input_filter  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN

Chain synflood_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain synflood_input_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain web_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
~ #
~ # iptables -L -v
Chain INPUT (policy ACCEPT 36259 packets, 4114K bytes)
 pkts bytes target     prot opt in     out     source               destination         
36259 4114K malicious_input_filter  all  --  any    any     anywhere             anywhere           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
66681   16M web_filter  all  --  any    any     anywhere             anywhere           
66681   16M macipport_filter  all  --  any    any     anywhere             anywhere           
    0     0 malicious_filter  all  --  any    any     anywhere             anywhere           
    0     0 TCPMSS     tcp  --  any    any     anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT 18321 packets, 4134K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain macipport_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  any    any     anywhere             anywhere            MAC 00:15:58:C9:3F:9D tcp dpt:80
    0     0 DROP       tcp  --  any    any     anywhere             anywhere            MAC 20:10:7A:DB:BE:96 tcp dpt:80
  136 19866 DROP       tcp  --  any    any     anywhere             anywhere            MAC 00:1B:77:95:67:66 tcp dpt:80
  314 60588 ACCEPT     all  --  any    any     anywhere             anywhere           

Chain malicious_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 synflood_filter  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN

Chain malicious_input_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  512 30720 synflood_input_filter  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN

Chain synflood_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain synflood_input_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain web_filter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
~ #

I will keep investigating,  and reply further within this message thread when I have figured out what the problem is.  The "iptables" output presented above suggests that the rules are being put in place properly,  so I'll need to trace the chains to find the problem.  Stay tuned.....

Patrick Wilson
Victoria, BC Canada

Offline Appendices

  • Newbie
  • Posts: 4
  • Thanks: 0
  • Registered : 14/10/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: Mac Filtering Issue
« Reply #2 on: October 15, 2013, 11:33:08 pm »
Thanks. I'll make sure to check in. I'm at a college, and they have serious rules about having your own router. I need to make sure it only accepts my trusted devices.

Offline Patrick Wilson

  • Cashew
  • ****
  • Posts: 220
  • Thanks: 0
  • Registered : 21/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: Mac Filtering Issue
« Reply #3 on: October 16, 2013, 05:43:15 am »
Thanks. I'll make sure to check in. I'm at a college, and they have serious rules about having your own router. I need to make sure it only accepts my trusted devices.

Our software team are working on this.  For now please simply access the "Access Policy" screen on the Almond at: http://10.10.10.254/wireless/security.asp
(adjust if your Almond is not at default address 10.10.10.254)


Click on image to enlarge

Policy :

Allow : will only allow those client which are added in the list .

I hope this updated information helps you comply with the requirements of your college.   
« Last Edit: October 16, 2013, 05:55:53 am by Patrick Wilson »
Patrick Wilson
Victoria, BC Canada

Offline Appendices

  • Newbie
  • Posts: 4
  • Thanks: 0
  • Registered : 14/10/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: Mac Filtering Issue
« Reply #4 on: October 16, 2013, 02:00:10 pm »
It still allows devices besides the one on the list.

Offline Patrick Wilson

  • Cashew
  • ****
  • Posts: 220
  • Thanks: 0
  • Registered : 21/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: Mac Filtering Issue
« Reply #5 on: October 16, 2013, 07:48:43 pm »
It still allows devices besides the one on the list.

I managed to get it working here:


Click Image to Enlarge

Ensure you are providing the "Wireless" MAC address of your Laptop/Tablet/Smartphone.   
It doesn't become "Active" until you click "Apply"

Reload: http://10.10.10.254/wireless/security.asp to ensure the entry was accepted.

« Last Edit: October 16, 2013, 08:36:29 pm by Patrick Wilson »
Patrick Wilson
Victoria, BC Canada

Offline Appendices

  • Newbie
  • Posts: 4
  • Thanks: 0
  • Registered : 14/10/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: Mac Filtering Issue
« Reply #6 on: October 17, 2013, 07:05:56 pm »
It did finally work the next day. It disallows any MACs that aren't on the list. Thanks for your help.

 

Page created in 0.065 seconds with 21 queries.

bottleneck