^^^^^^^^^ this is a very bad example
It's an understandable example, so it's enough.
Why MAC and not IP addresses?
IP addresses are very easy to change. The idea is that only two specific boxes at a specific location can surf the web freely.
Yes, but ORing the two, all clients should have gone to the local http service. The best thing, in this case, is to use chains:

    iptables -t nat -N twoboxen
    iptables -t nat -N others
    iptables -t nat -A PREROUTING -m mac --mac-source aaaaaaaaaa -j twoboxen
    iptables -t nat -A PREROUTING -m mac --mac-source bbbbbbbbbb -j twoboxen
    iptables -t nat -A PREROUTING -j others
    iptables -t nat -A twoboxen -j ACCEPT
    iptables -t nat -A others -p tcp --dport 80 -j REDIRECT
I think this is a "large" solution. Two iptables code lines should be enough. I've modified the lines:

    iptables -t nat -A OUTPUT -p tcp -i eth1 -m mac --mac-source ! xx:xx:xx:xx:xx:xx --dport 80 -j DNAT --to-destination 192.168.1.1:80
    iptables -t nat -A PREROUTING -p tcp -i eth1 -m mac --mac-source ! xx:xx:xx:xx:xx:xx --dport 80 -j DNAT --to-destination 192.168.1.1:80

Of course, thank you for your help and comments, Luciano. ;)

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
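
Added example (not part of the original thread): an sh function that prints the nat rules for the chain-based approach discussed above, generalized to any number of allowed MAC addresses and rejecting malformed addresses before it emits anything. The interface eth1 comes from the thread; the chain name http_gate and the sample MAC addresses are assumptions made up for this example.

```shell
#!/bin/sh
# Added example: print (do not apply) nat-table rules that exempt an
# allow-list of MAC addresses from a port-80 redirect to the local box.

IFACE=eth1        # LAN-facing interface, as used in the thread
CHAIN=http_gate   # hypothetical chain name chosen for this example

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules MAC...
# Writes the rule set to stdout. Every argument is validated first, so a
# malformed address never produces a partial rule set.
gen_rules() {
    [ "$#" -gt 0 ] || { echo "gen_rules: no MAC addresses given" >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "gen_rules: bad MAC: $mac" >&2; return 1; }
    done
    echo "iptables -t nat -N $CHAIN"
    for mac in "$@"; do
        # Allowed boxes leave the chain with no NAT applied.
        echo "iptables -t nat -A $CHAIN -m mac --mac-source $mac -j RETURN"
    done
    # Every other client is redirected to the local HTTP service.
    echo "iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-ports 80"
    # Only web traffic arriving on the LAN interface enters the chain.
    echo "iptables -t nat -A PREROUTING -i $IFACE -p tcp --dport 80 -j $CHAIN"
}

# Constructed sample addresses; review the output before piping it to sh as root.
gen_rules 00:16:3e:00:00:01 00:16:3e:00:00:02
```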