On Thu, Nov 21, 2002 at 10:08:59AM +0100, Eduard Calvo (B-teljpa) EXP JAN 03 wrote:
>
> Hi Ramin,
>
> Thanks for your answer. But this solution is not suitable to me. This would
> be a good solution if the only thing I had to do is to route packets based on
> MAC. The problem is that I have to SNAT before routing.
>
> The reason is that I have to capture http traffic and redirect it through a
> local Apache Server that I have in my Linux box. The server has to be able to
> distinguish over hosts, and if I do SNAT in postrouting it will see the real
> ip address of the packet, and not the NAT'ed address. I wonder if maybe Apache
> has access to fields of the ip header (like TOS), because I would use these
> fields to make Apache distinguish clients.
>
> Another solution is to implement a local process that, for each packet
> captured, NATs the source address. But I don't know in which chain of iptables
> it could leave the packets...
>
> Do you know another suitable alternative??

If you want to have a log of the HTTP activity based on the MAC then I'd
suggest you do something like this:

iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
    --mac-source XX:XX:XX:XX:XX:XX -j LOG --log-prefix "Machine A"
iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
    --mac-source YY:YY:YY:YY:YY:YY -j LOG --log-prefix "Machine B"
iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
    --mac-source ZZ:ZZ:ZZ:ZZ:ZZ:ZZ -j LOG --log-prefix "Machine C"

But if you want to do something at HTTP level based on the MAC, the only
thing I can think of is to run apache at different ports and redirect the
traffic based on the MAC to these separate ports.

Ramin

> Please, excuse my English, it's not my native language.
> Thank you in advance.
>
> Eduard.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
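
Added example, not part of the original thread or of any project's code: a dry-run generator for the per-MAC port redirection Ramin describes, which validates a MAC-to-port map and prints the nat PREROUTING rules instead of applying them. The MAC addresses, the ports 8081-8083 and the function names are assumptions, and Apache is assumed to have a matching Listen directive for each port.

```shell
#!/bin/sh
# Added example: prints per-MAC REDIRECT rules (dry run, nothing is applied).
# Constructed sample map, one "MAC port" pair per line; all values are assumptions.
SAMPLE_MAP='00:11:22:33:44:55 8081
00:11:22:33:44:66 8082
00:11:22:33:44:77 8083'

# Succeeds if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds if $1 is a TCP port number 1-65535 without leading zeros.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Reads "MAC port" lines on stdin and prints one nat PREROUTING rule per line.
# Returns 1 and prints no rules if a line is malformed or a MAC or port repeats:
# a repeated MAC is shadowed by the first match, and a shared port would leave
# Apache unable to tell the two machines apart.
emit_rules() {
    rules='' seen=' '
    while read -r mac port extra; do
        [ -z "$mac" ] && continue
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        if [ -n "$extra" ] || ! valid_mac "$mac" || ! valid_port "$port"; then
            echo "bad entry: $mac $port $extra" >&2; return 1
        fi
        case "$seen" in *" $mac "*|*" $port "*)
            echo "duplicate MAC or port: $mac $port" >&2; return 1 ;;
        esac
        seen="$seen$mac $port "
        rules="${rules}iptables -t nat -A PREROUTING -p tcp --dport 80 -m mac \
--mac-source $mac -j REDIRECT --to-ports $port
"
    done
    printf '%s' "$rules"
}

emit_rules <<EOF
$SAMPLE_MAP
EOF
```

The mac match only sees the source address of frames from the directly attached Ethernet segment, and a client can set its own MAC address, so this mapping identifies machines for logging or routing rather than authenticating them.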