Blocking Internet access by MAC host Cyberoam











up vote
-1
down vote

favorite












There is a cyberoam router.
A firewall rule exits which drops all services from specific host.



Now the problem is if I specify the host as "IP host" and enter the source ip of particular node.
The node is unable to access Internet as expected.



But if i specify the host as "MAC Host " and enter the MAC address of same Node.
The node is still able to access the Internet. Any Suggestions why?



If u need i can also upload a image showing the configuration of the rule










share|improve this question


























    up vote
    -1
    down vote

    favorite












    There is a cyberoam router.
    A firewall rule exits which drops all services from specific host.



    Now the problem is if I specify the host as "IP host" and enter the source ip of particular node.
    The node is unable to access Internet as expected.



    But if i specify the host as "MAC Host " and enter the MAC address of same Node.
    The node is still able to access the Internet. Any Suggestions why?



    If u need i can also upload a image showing the configuration of the rule










    share|improve this question
























      up vote
      -1
      down vote

      favorite









      up vote
      -1
      down vote

      favorite











      There is a cyberoam router.
      A firewall rule exits which drops all services from specific host.



      Now the problem is if I specify the host as "IP host" and enter the source ip of particular node.
      The node is unable to access Internet as expected.



      But if i specify the host as "MAC Host " and enter the MAC address of same Node.
      The node is still able to access the Internet. Any Suggestions why?



      If u need i can also upload a image showing the configuration of the rule










      share|improve this question













      There is a cyberoam router.
      A firewall rule exits which drops all services from specific host.



      Now the problem is if I specify the host as "IP host" and enter the source ip of particular node.
      The node is unable to access Internet as expected.



      But if i specify the host as "MAC Host " and enter the MAC address of same Node.
      The node is still able to access the Internet. Any Suggestions why?



      If u need i can also upload a image showing the configuration of the rule







      networking router firewall blocking






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Mar 15 '16 at 6:35









      user2984602

      124




      124






















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          0
          down vote













          Well, that's strange. This is how I do it in the company that I work for and it works just fine ...



          Check the settings under basic Settings in the Cyberoam Rules editor:



          Basic settings:
          Zone Source: LAN



          Zone dest. : WAN



          Network/Host Source : MAC_address



          Network/Host Destination : "Any IP Address"



          Services : "Any Services"



          Schedule : "All the time"



          Action : "Drop"



          Of course we have the cyberoam in between our internet router and our internal network.






          share|improve this answer























          • Sorry could you possibly clarify what the solution is that you are proposing?
            – Burgi
            Oct 13 '16 at 7:40


















          up vote
          0
          down vote













          The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.



          The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.



          That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.






          share|improve this answer




















            protected by Community Nov 27 at 17:18



            Thank you for your interest in this question.
            Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



            Would you like to answer one of these unanswered questions instead?














            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote













            Well, that's strange. This is how I do it in the company that I work for and it works just fine ...



            Check the settings under basic Settings in the Cyberoam Rules editor:



            Basic settings:
            Zone Source: LAN



            Zone dest. : WAN



            Network/Host Source : MAC_address



            Network/Host Destination : "Any IP Address"



            Services : "Any Services"



            Schedule : "All the time"



            Action : "Drop"



            Of course we have the cyberoam in between our internet router and our internal network.






            share|improve this answer























            • Sorry could you possibly clarify what the solution is that you are proposing?
              – Burgi
              Oct 13 '16 at 7:40















            up vote
            0
            down vote













            Well, that's strange. This is how I do it in the company that I work for and it works just fine ...



            Check the settings under basic Settings in the Cyberoam Rules editor:



            Basic settings:
            Zone Source: LAN



            Zone dest. : WAN



            Network/Host Source : MAC_address



            Network/Host Destination : "Any IP Address"



            Services : "Any Services"



            Schedule : "All the time"



            Action : "Drop"



            Of course we have the cyberoam in between our internet router and our internal network.






            share|improve this answer























            • Sorry could you possibly clarify what the solution is that you are proposing?
              – Burgi
              Oct 13 '16 at 7:40













            up vote
            0
            down vote










            up vote
            0
            down vote









            Well, that's strange. This is how I do it in the company that I work for and it works just fine ...



            Check the settings under basic Settings in the Cyberoam Rules editor:



            Basic settings:
            Zone Source: LAN



            Zone dest. : WAN



            Network/Host Source : MAC_address



            Network/Host Destination : "Any IP Address"



            Services : "Any Services"



            Schedule : "All the time"



            Action : "Drop"



            Of course we have the cyberoam in between our internet router and our internal network.






            share|improve this answer














            Well, that's strange. This is how I do it in the company that I work for and it works just fine ...



            Check the settings under basic Settings in the Cyberoam Rules editor:



            Basic settings:
            Zone Source: LAN



            Zone dest. : WAN



            Network/Host Source : MAC_address



            Network/Host Destination : "Any IP Address"



            Services : "Any Services"



            Schedule : "All the time"



            Action : "Drop"



            Of course we have the cyberoam in between our internet router and our internal network.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Oct 13 '16 at 10:25

























            answered Oct 13 '16 at 6:44









            Kostas Lamprakis

            33




            33












            • Sorry could you possibly clarify what the solution is that you are proposing?
              – Burgi
              Oct 13 '16 at 7:40


















            • Sorry could you possibly clarify what the solution is that you are proposing?
              – Burgi
              Oct 13 '16 at 7:40
















            Sorry could you possibly clarify what the solution is that you are proposing?
            – Burgi
            Oct 13 '16 at 7:40




            Sorry could you possibly clarify what the solution is that you are proposing?
            – Burgi
            Oct 13 '16 at 7:40












            up vote
            0
            down vote













            The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.



            The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.



            That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.






            share|improve this answer

























              up vote
              0
              down vote













              The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.



              The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.



              That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.






              share|improve this answer























                up vote
                0
                down vote










                up vote
                0
                down vote









                The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.



                The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.



                That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.






                share|improve this answer












                The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.



                The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.



                That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 27 at 19:33









                David Schwartz

                56.2k684128




                56.2k684128

















                    protected by Community Nov 27 at 17:18



                    Thank you for your interest in this question.
                    Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



                    Would you like to answer one of these unanswered questions instead?



                    Popular posts from this blog

                    Probability when a professor distributes a quiz and homework assignment to a class of n students.

                    Aardman Animations

                    Are they similar matrix