Bash script that maps an IP to a MAC address

Hi everybody,

Unfortunately, and so far without success, I want to write a bash script that maps a known IP address to a known MAC address using iptables, in the FORWARD chain.

Within the DHCP server, I have assigned a fixed IP address to all clients based on the MAC addresses of their network interface cards.

I have a list of the used IP addresses.
I have a list of their MAC addresses.
I dropped the FORWARD chain.

The output of the script should be something like the following:

So far this is what I found and did, but it's very generic (192.168.0.0/24).
I want to be very specific :)

# Read one MAC per line from macacceptfile (safer than `cat` in a for loop,
# which word-splits the file and expands globs).
while read -r MAC
do
  iptables -A FORWARD -s 192.168.0.0/24 -p tcp -m mac --mac-source "$MAC" -j ACCEPT
done < macacceptfile

Then I dropped some IPs with a second script. The IPs that I'm dropping are not allowed within the DHCP server.

#!/bin/bash
BLOCKDB=/etc/squid/ipblocked
# Every non-comment line of the block list is a source IP to drop.
IPS=$(grep -Ev "^#" "$BLOCKDB")
for i in $IPS
do
  iptables -I FORWARD -s "$i" -j DROP
done

Is there a way to merge these two scripts (just one script that does the work)?

Thanks a lot in advance for your help :)

Red

---------- Post updated at 01:37 PM ---------- Previous update was at 04:32 AM ----------

Well, to make it simple:

If I have these 6 IP addresses:
192.168.0.10-15

Each IP address belongs to a NIC which has a MAC address:
xx:xx:xx:xx:xx:xx
aa:aa:aa:aa:aa:aa
........

Now, is it possible to match (map), for example, 192.168.0.10 to xx:xx:xx:xx:xx:xx using a bash script?

Thanks for helping

You can try something like this:

# Read line N of ipaddress.file on stdin and line N of macaddress.file on fd 3,
# so the two files are walked in lockstep.
while read -r ipaddress && read -r macaddress <&3
do
  echo "do something with ip $ipaddress that has mac $macaddress"
done < ipaddress.file 3<macaddress.file

Where:

$ cat ipaddress.file 
192.168.0.10
192.168.0.11
192.168.0.12
192.168.0.13
192.168.0.14
192.168.0.15
$ cat macaddress.file 
xx:xx:xx:xx:xx:xx
aa:aa:aa:aa:aa:aa
...

Without understanding what the request is, I'd be surprised if you could assign IPs and MACs by randomly reading from two independent files.
You should either read and use the DHCP config file, or the actual DHCP server's tables to find relations between the two.

Thanks a lot RudiC & Scrutinizer for your replies,

Well,
1- I've got all the IP addresses with their respective MAC addresses in the DHCP server

2- I can also edit a file where I have two columns, one for the IP and the other for the MAC:

192.168.0.10    xx:xx:xx:xx:xx:xx
192.168.0.11    aa:aa:aa:aa:aa:aa
................................................

Now, either with the DHCP server or with the two-column file, is it possible to have, at the end of the day, using a bash script, something like:

Sorry for my very basic English.

Thanks again for your interest and reply :)

red

Given a file as shown under item 2-, try

# Strip leading blanks, turn the first run of blanks into the mac match
# (the match module has to be loaded with "-m mac" before --mac-source),
# then wrap each line in the iptables command.
sed 's/^[[:space:]]*//; s/[[:space:]][[:space:]]*/ -m mac --mac-source /; s/^/iptables -I FORWARD -s /; s/$/ -j ACCEPT/' file
iptables -I FORWARD -s 192.168.0.10 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
iptables -I FORWARD -s 192.168.0.11 -m mac --mac-source aa:aa:aa:aa:aa:aa -j ACCEPT

Should this NOT satisfy your needs, please become way more precise & detailed with your specification.
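As an added example (not code from the thread, from Red or from RudiC), the script below merges the pieces the thread asks for: the IP-to-MAC ACCEPT rules generated from a two-column map file, the DROP list from the first post, and applying the result by sourcing a generated rules file instead of executing a second script. Everything in it is an assumption not present in the original: the LAN-facing interface name in LAN_IF (eth1 by default), the validation regexes, and the map and block-list contents, which are constructed sample data written to temporary files so the script runs stand-alone.

```bash
#!/bin/bash
# Added example, not from the thread. Builds FORWARD rules that bind each
# DHCP-reserved IP to its MAC, plus an explicit drop list, then either prints
# them (dry run) or sources them in the current root shell (--apply).
set -u

# Assumption: the interface the clients are attached to. The mac match sees
# the Ethernet source address of the frame, which is only the client's own
# MAC on the directly attached segment, so every rule is pinned to it.
LAN_IF="${LAN_IF:-eth1}"

# Constructed sample input so the script runs stand-alone; in production
# point IPMAP and BLOCKDB at the real files instead.
IPMAP=$(mktemp) && BLOCKDB=$(mktemp) || exit 1
trap 'rm -f "$IPMAP" "$BLOCKDB"' EXIT
cat >"$IPMAP" <<'EOF'
# ip            mac
192.168.0.10    00:11:22:33:44:55
   192.168.0.11    66:77:88:99:aa:bb
192.168.0.12    bad-mac
EOF
cat >"$BLOCKDB" <<'EOF'
# hosts with no reservation in the DHCP server
192.168.0.200
EOF

# Accept one dotted-quad IPv4 address / one colon-separated six-octet MAC.
valid_ip()  { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
valid_mac() { printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; }

# Print one ACCEPT rule per valid "IP MAC" line of the map file ($1).
# read splits on runs of blanks, so leading and multiple spaces are fine;
# '#' comments and blank lines are skipped, malformed lines are reported.
gen_accept_rules() {
    local ip mac rest
    while read -r ip mac rest; do
        case "$ip" in ''|\#*) continue ;; esac
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            printf 'skipping malformed line: %s %s\n' "$ip" "$mac" >&2
            continue
        fi
        printf 'iptables -A FORWARD -i %s -s %s -m mac --mac-source %s -j ACCEPT\n' \
            "$LAN_IF" "$ip" "$mac"
    done <"$1"
}

# Print one DROP rule per valid IP in the block list ($1).
gen_drop_rules() {
    local ip rest
    while read -r ip rest; do
        case "$ip" in ''|\#*) continue ;; esac
        if ! valid_ip "$ip"; then
            printf 'skipping malformed line: %s\n' "$ip" >&2
            continue
        fi
        printf 'iptables -A FORWARD -i %s -s %s -j DROP\n' "$LAN_IF" "$ip"
    done <"$1"
}

# Assemble the complete rule set into $3: flush FORWARD, set a DROP policy,
# explicit drops first, then the IP+MAC accepts. Nothing is applied here.
build_rules_file() {
    {
        printf 'iptables -F FORWARD\n'
        printf 'iptables -P FORWARD DROP\n'
        gen_drop_rules "$2"
        gen_accept_rules "$1"
    } >"$3"
}

# Dry run prints the generated commands; --apply sources the file in this
# shell (no shebang, no chmod, no subshell), which needs root for iptables.
main() {
    local rules
    rules=$(mktemp) || exit 1
    build_rules_file "$IPMAP" "$BLOCKDB" "$rules"
    if [ "${1:-}" = "--apply" ]; then
        [ "$(id -u)" -eq 0 ] || { printf 'must be root to apply\n' >&2; exit 1; }
        . "$rules"
    else
        cat "$rules"
    fi
    rm -f "$rules"
}
main "$@"
```

Two caveats a practitioner would want before relying on this. The mac match only sees the source MAC of frames entering on the LAN interface; on traffic that arrived through another router the MAC is the router's, which is why the rules carry `-i`. And a MAC address is trivially changed by a client, so binding IP to MAC prevents accidental address reuse and casual squatting, not a deliberate attacker: it is a hygiene control, not authentication. Note also that the first post's rule carries `-p tcp`, which leaves UDP (DNS, for instance) and ICMP from those clients to the chain policy.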

OK, thank you very much RudiC,

It shows the match between the IP and the MAC.

Now I want the result of your code to be part of the firewall. I mean, with the following command:

I should see:

Thanks again for your help RudiC :)

Not sure I understand...?

These two lines are OK, I can see them on the screen.

What I want to do is:
These two lines should be inside my firewall (netfilter 'iptables') and not just displayed on the screen.

If I use the following command in order to see all the FORWARD rules:

I should see the result (the two lines of your code).

Actually, when I launch the command

I should see two more lines :)

Sorry I'm not too familiar with iptables - did you try to just execute the two lines? Redirect into a temporary file, and then source that in your root shell.

YES, exactly, I want to execute these two lines :)
If I launch the two lines manually (one by one), it does the work.

So now, how do I include them in the bash script?

I think you got my point.

How do I redirect into a temporary file, and then source it in the root shell?

Thanks again RudiC.

---------- Post updated 11-03-17 at 09:57 AM ---------- Previous update was 11-02-17 at 10:31 AM ----------

Hi everybody and RudiC,

I am bothering you, but I want to learn from you. I'm just a newbie to scripting.

So far, with the big help of "RudiC", I've got the script and it works just fine. Thanks again "RudiC".

This is what I've done, but it doesn't seem professional at all!

How can it be more professional?
Is it possible to include the file "ipmacmap" inside the script?
Any other ideas are welcome.

Thanks for helping me.

Red

You are welcome. It's always good and satisfying to see people learn and become creative.

Now, to your script. If it works as intended, that's fine, be it professional or not. Congrats!

Of course, it might benefit from some polishing. When I proposed to "source" the file, I meant that - not execute a new script in a subshell. Look up source in man bash . No copying #!/bin/bash to the file, no chmod - much less hassle.
When you want to "include the file "ipmacmap" inside the script", do you mean creation of the file? Yes, that can be done, but: please don't raise vague enquiries but post hard facts: sample input data, desired output, the logic connecting the two, preferred tools, versions, etc. While in your case the output seems to be already defined, it mayhap could be reconsidered to better fit into the overall process.

Agree with you RudiC.

Thanks for your good job.

Red