[9.060][ANSWERED] Can't block MAC address traffic on different subnet

Hi, the MAC address of my interanal interface is 00:0c:29:e7:c6[:D]5 .The way the firewall works is that all the traffic passes through the default gateway if the destination is masqueraded. So if you define the destination MAC and try to block, traffic is not blocked since the traffic is sent to the astaro interface first.
Screenshot:
1. Define MACs
2. Block Traffic by source MAC, it works.
3. Block by destination MAC, it doesn't work because astaro's interface is used due to masquerading.

Regards
Bill

Parents

0 da_merlin over 12 years ago

Can you give a real live example where you want to block by destination MAC?
If a packet is forwarded by the firewall, Layer2 is irrelevant, because destination MAC is always he ASG itself [:)]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Billybob over 12 years ago in reply to da_merlin

Can you give a real live example where you want to block by destination MAC?
Sure, the last screenshot in my original post is a prime example. That configuration will be used by multiple folks even when the documentation comes out. I wasn't aware that you couldn't block by destination MAC at all, I don't think this fact has been published before.

Regards
Bill
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Billybob over 12 years ago in reply to da_merlin

Can you give a real live example where you want to block by destination MAC?
Sure, the last screenshot in my original post is a prime example. That configuration will be used by multiple folks even when the documentation comes out. I wasn't aware that you couldn't block by destination MAC at all, I don't think this fact has been published before.

Regards
Bill
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data