Unfortunately and without success, I want to write a bash script that maps a known IP address to a known MAC address using iptables and for the FORWARD chain.
Within the DHCP server, I have assigned a fixed IP address to all clients based on the MAC addresses of their network interface cards.
I have a list of the used IP addresses.
I have a list of their MAC addresses.
I dropped the FORWARD chain.
The output of the script will be such as the following:
So far this is what I found and did, but it's very generic (192.168.0.0/24).
I want to be very specific.
for MAC in $(cat macacceptfile)
do
    # one ACCEPT rule per allowed MAC address, for the whole subnet
    iptables -A FORWARD -s 192.168.0.0/24 -p tcp -m mac --mac-source "$MAC" -j ACCEPT
done
Then I dropped some IPs with a second script. These IPs that I'm dropping are not allowed within the DHCP server.
#!/bin/bash
BLOCKDB=/etc/squid/ipblocked
IPS=$(grep -Ev "^#" "$BLOCKDB")
for i in $IPS
do
    # insert at the top of FORWARD so the DROP is evaluated first
    iptables -I FORWARD -s "$i" -j DROP
done
Is there a solution in order to match these two scripts (just one script that does the work)?
Thanks a lot in advance for your help :)
Red
---------- Post updated at 01:37 PM ---------- Previous update was at 04:32 AM ----------
Well, to make it simple:
If I have these 6 IP addresses:
192.168.0.10-15
Each IP address belongs to a NIC card which has a MAC address
xx:xx:xx:xx:xx:xx:xx
aa:aa:aa:aa:aa:aa:aa
........
Now, is it possible to match (map), for example, 192.168.0.10 TO xx:xx:xx:xx:xx:xx using a bash script?
Without understanding what the request is, I'd be surprised if you could assign IPs and MACs randomly reading from two independent files.
You should either read and use the DHCP config file, or the actual DHCP server's tables to find relations between the two.
Sorry I'm not too familiar with iptables - did you try to just execute the two lines? Redirect into a temporary file, and then source that in your root shell.
You are welcome. It's always good and satisfying to see people learn and become creative.
Now, to your script. If it works as intended, that's fine, be it professional or not. Congrats!
Of course, it might benefit from some polishing. When I proposed to "source" the file, I meant that - not execute a new script in a subshell. Look up source in man bash. No copying #!/bin/bash to the file, no chmod - much less hassle.
When you want to "include the file "ipmacmap" inside the script", do you mean creation of the file? Yes, that can be done, but: please don't raise vague enquiries but post hard facts: sample input data, desired output, the logics connecting the two, preferred tools, versions, etc. While in your case the output seems to be already defined, it mayhap could be reconsidered to better fit into the overall process.
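Added example, not part of any post in this thread: one script that covers both loops from the first post by reading a paired map instead of two independent lists. It assumes the file "ipmacmap" holds one "IP MAC" pair per line (that format, the helper names and the sample addresses are constructed for illustration) and that unmatched FORWARD traffic is already dropped.

```shell
#!/bin/bash
# Added example (not from the thread). Assumed map format, one pair per line:
#   <ip> <mac>        e.g. 192.168.0.10 00:11:22:33:44:55
# Lines starting with # and empty lines are ignored.

# Shape checks only: they reject garbage, they do not range-check octets.
is_ip()  { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
is_mac() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }

# gen_rules MAPFILE BLOCKFILE
# Prints iptables commands instead of running them, so the result can be
# reviewed and then sourced from a root shell. The ( ) body keeps variables local.
gen_rules() (
    # ACCEPT only when source IP and source MAC come from the same map line.
    while read -r ip mac rest; do
        case $ip in ''|'#'*) continue ;; esac
        if is_ip "$ip" && is_mac "$mac"; then
            echo "iptables -A FORWARD -s $ip -p tcp -m mac --mac-source $mac -j ACCEPT"
        else
            echo "skipping malformed entry: $ip $mac" >&2
        fi
    done < "$1"
    # -I puts each DROP at the top of the chain, ahead of every ACCEPT.
    while read -r ip rest; do
        case $ip in ''|'#'*) continue ;; esac
        if is_ip "$ip"; then
            echo "iptables -I FORWARD -s $ip -j DROP"
        else
            echo "skipping malformed entry: $ip" >&2
        fi
    done < "$2"
)

# Constructed sample data; the file names follow the thread, the contents do not.
demo() (
    dir=$(mktemp -d)
    printf '%s\n' '# ip mac' '192.168.0.10 00:11:22:33:44:55' \
        '192.168.0.11 66:77:88:99:aa:bb' '192.168.0.12 not-a-mac' > "$dir/ipmacmap"
    printf '%s\n' '# blocked' '192.168.0.200' > "$dir/ipblocked"
    gen_rules "$dir/ipmacmap" "$dir/ipblocked"
    rm -rf "$dir"
)
demo
```

The mac match only sees the source address of hosts on the directly attached segment, and a client can change its MAC, so the pairing narrows the rule set without authenticating the client.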