-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If I understood your question correctly, I'd suggest you use iptables instead
of routing etc. Set up a firewall which prohibits some traffic depending on
MAC source while it allows others. I.e., set up the rules which allow traffic
with iptables in a way like this:

iptables -A FORWARD -s 192.168.1.0/26 -j ACCEPT
iptables -A FORWARD -s 192.168.1.64/26 -d 10.1.1.1/32 -j ACCEPT # what kind of access?

etc., and then set up a policy of DROP on the FORWARD chain. For more on this,
check out the howtos and tutorials etc. on http://netfilter.samba.org/.

Have a nice day,

On Wednesday 03 October 2001 16:06, bharat merja wrote:
> Hi,
>
> Thanks to all in advance,
>
> In recent I need policy based routing on my Linux2.4.3 box. Requirement is
> like to give access of Internet to some computers while this facility is
> not available to rest people (That is based on MAC address only).
>
> My existing routing in "table main" is...
>
> 192.168.1.0/26 dev eth0 proto kernel scope link src 192.168.1.3
> 192.168.1.64/26 dev eth1 proto kernel scope link src 192.168.1.65
> 192.168.2.0/24 via 192.168.1.2 dev eth0
> 127.0.0.0/8 dev lo scope link
> default via 192.168.1.1 dev eth0
>
> Where 192.168.1.1 is ip of router, there is no restriction required on
> 192.168.1.0/26, while on 192.168.1.64/26 I need to give access to some
> computers only.
>
> I have done some work on it but not get success. I have done like
>
> #iptables -A PREROUTING -t mangle -i eth1 -m mac --mac-source ab:cd:ef:12:34:56 -j MARK --set-mark 1
> #ip rule add fwmark 1 table John
> #ip route add unreachable default table John
>
> Then after I have tried in INPUT too.. But no success.
>
> If anyone have implemented in their network Please guide me. What basic
> mistakes I am committing in this scenario?
>
> Looking forward for kind reply from Network Gurus.
>
> Thanks and regards
> Bharat Merja.

- --
 -----------------------------------
|Oskar Andreasson                   |
|Multisoft Education AB             |
|http://www.libendo.com             |
|phone: +46-8-6635555               |
|mailto: o.andreasson@xxxxxxxxxxx   |
 -----------------------------------

BOFH excuse #1:

clock speed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7uxy/xO3KTTz2r/kRAl5TAKCb4nWnOzQqD0UroaZ9pZm7oReJmgCguQAt
rhVUgy8Csr2G17HaQgjtL5Q=
=TKAk
-----END PGP SIGNATURE-----
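
The reply's suggestion (accept selected traffic in FORWARD, then DROP by policy) combined with the MAC match from the original question, as an added example that is not part of the original message. Interfaces and subnets are taken from the routing table in the thread; the second MAC address, the function names and the conntrack rule for return traffic are assumptions.

```shell
#!/bin/sh
# Added example: print a FORWARD-chain ruleset that lets only allowlisted
# MAC addresses on the restricted segment through the router.
OPEN_IF="eth0";       OPEN_NET="192.168.1.0/26"        # unrestricted side (from the thread)
RESTRICTED_IF="eth1"; RESTRICTED_NET="192.168.1.64/26" # restricted side (from the thread)

# Succeeds only for exactly six colon-separated hex octets. The case pattern
# must match the whole string, so spaces, newlines or shell metacharacters
# can never reach the generated commands.
valid_mac() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) return 0 ;;
        *) return 1 ;;
    esac
}

# Print iptables commands for the given MAC allowlist (hypothetical helper).
# Every entry is validated before anything is printed, so one bad entry
# yields no ruleset at all rather than a partial one.
gen_forward_rules() {
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    echo "iptables -P FORWARD DROP"   # default-deny first
    echo "iptables -F FORWARD"        # note: replaces existing FORWARD rules
    # Assumption: replies to connections already allowed out must be let back in.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $OPEN_IF -s $OPEN_NET -j ACCEPT"
    for mac in "$@"; do
        echo "iptables -A FORWARD -i $RESTRICTED_IF -s $RESTRICTED_NET -m mac --mac-source $mac -j ACCEPT"
    done
}

# Constructed sample allowlist: the MAC from the question plus a made-up one.
# This only prints the rules; review them before running them as root.
gen_forward_rules ab:cd:ef:12:34:56 00:11:22:33:44:55
```

The mac match is only usable where the frame's source address is still visible (PREROUTING, INPUT, FORWARD) and only for hosts on the directly attached segment. A host on that segment can change its own MAC address, so the allowlist restricts casual use rather than authenticating machines.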