DHCP 4.0.2, execute() and hardware address mismatch
Fernando André
fernando.andre at tvtel.pt
Mon Oct 11 10:45:16 UTC 2010
Hello,
Instead of using iptables directly can't you use a bash/perl script
between so that
you can add the left zero to complete the mac ?
Get the ISC ma string split the string by : check if it has length of 2
digits if no place a zero on the left
concatenate everything again and move it to iptables.
Best Regards,
FR
Em 11-10-2010 10:42, S?awomir Paszkiewicz escreveu:
> Hello,
> I`m trying to migrate from DNSMasq to ISC DHCP because of failover.
> My problem is that MAC Addresses (hardware) are in different format than
> iptables accept (i`m executing script via execute() which call iptables
> -A FORWARD -m mac --mac-source .... -j ACCEPT).
>
> In ISC DHCP logs format is correct:
>
> DHCPREQUEST for 10.59.146.180 from 00:d0:b8:0c:ba:d8 via eth0
>
> But 'hardware' (i`m using binary-to-ascii(16, 8, ":",
> substring(hardware,1, 6));) gives me:
>
> 0:d0:b8:c:ba:d8 which is incorrect for iptables:
>
> # iptables -A FORWARD -m mac --mac-source 0:d0:b8:c:ba:d8 -s
> 10.59.146.180 -j ACCEPT
> iptables v1.4.4: Bad mac address "0:d0:b8:c:ba:d8"
>
> My question is how to get correct (for iptables) format (same as in dhcp
> logs) ?
>
> Best regards,
> paszczus
> _______________________________________________
> dhcp-hackers mailing list
> dhcp-hackers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-hackers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-hackers/attachments/20101011/9dc5719c/attachment.html>
More information about the dhcp-hackers
mailing list