Blocking Internet access by MAC host Cyberoam
up vote
-1
down vote
favorite
There is a cyberoam router.
A firewall rule exits which drops all services from specific host.
Now the problem is if I specify the host as "IP host" and enter the source ip of particular node.
The node is unable to access Internet as expected.
But if i specify the host as "MAC Host " and enter the MAC address of same Node.
The node is still able to access the Internet. Any Suggestions why?
If u need i can also upload a image showing the configuration of the rule
networking router firewall blocking
asked Mar 15 '16 at 6:35
user2984602
124
add a comment |
up vote
-1
down vote
favorite
There is a cyberoam router.
A firewall rule exits which drops all services from specific host.
Now the problem is if I specify the host as "IP host" and enter the source ip of particular node.
The node is unable to access Internet as expected.
But if i specify the host as "MAC Host " and enter the MAC address of same Node.
The node is still able to access the Internet. Any Suggestions why?
If u need i can also upload a image showing the configuration of the rule
networking router firewall blocking
asked Mar 15 '16 at 6:35
user2984602
124
add a comment |
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
There is a cyberoam router.
A firewall rule exits which drops all services from specific host.
Now the problem is if I specify the host as "IP host" and enter the source ip of particular node.
The node is unable to access Internet as expected.
But if i specify the host as "MAC Host " and enter the MAC address of same Node.
The node is still able to access the Internet. Any Suggestions why?
If u need i can also upload a image showing the configuration of the rule
networking router firewall blocking
asked Mar 15 '16 at 6:35
user2984602
124
There is a cyberoam router.
A firewall rule exits which drops all services from specific host.
Now the problem is if I specify the host as "IP host" and enter the source ip of particular node.
The node is unable to access Internet as expected.
But if i specify the host as "MAC Host " and enter the MAC address of same Node.
The node is still able to access the Internet. Any Suggestions why?
If u need i can also upload a image showing the configuration of the rule
networking router firewall blocking
networking router firewall blocking
asked Mar 15 '16 at 6:35
user2984602
124
asked Mar 15 '16 at 6:35
user2984602
124
asked Mar 15 '16 at 6:35
user2984602
124
asked Mar 15 '16 at 6:35
user2984602
124
asked Mar 15 '16 at 6:35
user2984602
124
124
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
0
down vote
Well, that's strange. This is how I do it in the company that I work for and it works just fine ...
Check the settings under basic Settings in the Cyberoam Rules editor:
Basic settings:
Zone Source: LAN
Zone dest. : WAN
Network/Host Source : MAC_address
Network/Host Destination : "Any IP Address"
Services : "Any Services"
Schedule : "All the time"
Action : "Drop"
Of course we have the cyberoam in between our internet router and our internal network.
answered Oct 13 '16 at 6:44
Kostas Lamprakis
33
Sorry could you possibly clarify what the solution is that you are proposing?
– Burgi
Oct 13 '16 at 7:40
add a comment |
up vote
0
down vote
The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.
The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.
That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.
answered Nov 27 at 19:33
David Schwartz
56.2k684128
add a comment |
protected by Community♦ Nov 27 at 17:18
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Well, that's strange. This is how I do it in the company that I work for and it works just fine ...
Check the settings under basic Settings in the Cyberoam Rules editor:
Basic settings:
Zone Source: LAN
Zone dest. : WAN
Network/Host Source : MAC_address
Network/Host Destination : "Any IP Address"
Services : "Any Services"
Schedule : "All the time"
Action : "Drop"
Of course we have the cyberoam in between our internet router and our internal network.
answered Oct 13 '16 at 6:44
Kostas Lamprakis
33
Sorry could you possibly clarify what the solution is that you are proposing?
– Burgi
Oct 13 '16 at 7:40
add a comment |
up vote
0
down vote
Well, that's strange. This is how I do it in the company that I work for and it works just fine ...
Check the settings under basic Settings in the Cyberoam Rules editor:
Basic settings:
Zone Source: LAN
Zone dest. : WAN
Network/Host Source : MAC_address
Network/Host Destination : "Any IP Address"
Services : "Any Services"
Schedule : "All the time"
Action : "Drop"
Of course we have the cyberoam in between our internet router and our internal network.
answered Oct 13 '16 at 6:44
Kostas Lamprakis
33
Sorry could you possibly clarify what the solution is that you are proposing?
– Burgi
Oct 13 '16 at 7:40
add a comment |
up vote
0
down vote
up vote
0
down vote
Well, that's strange. This is how I do it in the company that I work for and it works just fine ...
Check the settings under basic Settings in the Cyberoam Rules editor:
Basic settings:
Zone Source: LAN
Zone dest. : WAN
Network/Host Source : MAC_address
Network/Host Destination : "Any IP Address"
Services : "Any Services"
Schedule : "All the time"
Action : "Drop"
Of course we have the cyberoam in between our internet router and our internal network.
answered Oct 13 '16 at 6:44
Kostas Lamprakis
33
Well, that's strange. This is how I do it in the company that I work for and it works just fine ...
Check the settings under basic Settings in the Cyberoam Rules editor:
Basic settings:
Zone Source: LAN
Zone dest. : WAN
Network/Host Source : MAC_address
Network/Host Destination : "Any IP Address"
Services : "Any Services"
Schedule : "All the time"
Action : "Drop"
Of course we have the cyberoam in between our internet router and our internal network.
answered Oct 13 '16 at 6:44
Kostas Lamprakis
33
edited Oct 13 '16 at 10:25
answered Oct 13 '16 at 6:44
Kostas Lamprakis
33
answered Oct 13 '16 at 6:44
Kostas Lamprakis
33
answered Oct 13 '16 at 6:44
Kostas Lamprakis
33
33
Sorry could you possibly clarify what the solution is that you are proposing?
– Burgi
Oct 13 '16 at 7:40
add a comment |
Sorry could you possibly clarify what the solution is that you are proposing?
– Burgi
Oct 13 '16 at 7:40
Sorry could you possibly clarify what the solution is that you are proposing?
– Burgi
Oct 13 '16 at 7:40
Sorry could you possibly clarify what the solution is that you are proposing?
– Burgi
Oct 13 '16 at 7:40
add a comment |
up vote
0
down vote
The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.
The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.
That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.
answered Nov 27 at 19:33
David Schwartz
56.2k684128
add a comment |
up vote
0
down vote
The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.
The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.
That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.
answered Nov 27 at 19:33
David Schwartz
56.2k684128
add a comment |
up vote
0
down vote
up vote
0
down vote
The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.
The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.
That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.
answered Nov 27 at 19:33
David Schwartz
56.2k684128
The MAC address is only used on the local network. If you're filtering on the WAN (Internet) side, local MAC addresses are not relevant.
The hardware destination address of all regular packets received on the WAN link is the router's MAC address on the WAN link. The hardware source address off all regular packets sent over the WAN link is the router's MAC address on the WAN link.
That's even assuming the WAN link uses MAC addresses. If it doesn't, then the concept of MAC addresses doesn't even apply to the WAN side.
answered Nov 27 at 19:33
David Schwartz
56.2k684128
answered Nov 27 at 19:33
David Schwartz
56.2k684128
answered Nov 27 at 19:33
David Schwartz
56.2k684128
answered Nov 27 at 19:33
David Schwartz
56.2k684128
56.2k684128
add a comment |
add a comment |
protected by Community♦ Nov 27 at 17:18
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
