[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Follow arp table for captive portal

* [Thu, May 16, 2013 at 04:28:04PM -0700] Ryan Hiebert:
I also thought of a 3, but I'm not sure if its reasonable or possible:
3. Get iptables or similar to log unknown mac/ip pairs that it sees.

Maybe you can use arptables for this. But I would go for the easiest path: just log any NEW (allowed) forwarded connection.

-A FORWARD -i ${if_in} -m state --state NEW -j LOG

(or -m conntrack --ctstate NEW ) then postprocess the logs when needed or use -j ULOG|NFLOG for fancy things. This way you have the (MAC) originator for every "established" connection.

Gian Piero.

Reply to: