Hello guys
I don't know if this thing has been posted before (if it was , please forgive me).
I have 7 computers at home and I want all of them to have access to the internet. In order to do that , I set up a linux router (2 network cards) as a usual router (eth0 : 82.77.69.75 - internet connection ; eth1 : 192.168.10.1 - local network) . The other computers have ips ranging from 192.168.10.2 to 192.168.10.8 . The linux router masquerades the other computers. The problem I have is that I want to do the masquerading based on mac AND the ip not only on the ip (so if I change the ip on a computer and use another ip from another computer which is down , the masquerading process shouldn't work)
What I came up with is this :
-------------------------
#!/bin/sh
ipt="/usr/sbin/iptables"
ipt="/usr/sbin/iptables"
$ipt -F
$ipt -F -t nat
$ipt -F -t nat
$ipt -t filter -N computer1 >/dev/null 2>&1
$ipt -t filter -N computer2 >/dev/null 2>&1
$ipt -t filter -N computer3 >/dev/null 2>&1
$ipt -t filter -N computer4 >/dev/null 2>&1
$ipt -t filter -N computer5 >/dev/null 2>&1
$ipt -t filter -N computer2 >/dev/null 2>&1
$ipt -t filter -N computer3 >/dev/null 2>&1
$ipt -t filter -N computer4 >/dev/null 2>&1
$ipt -t filter -N computer5 >/dev/null 2>&1
$ipt -A FORWARD -s 192.168.10.2 -j computer1
$ipt -A FORWARD -s 192.168.10.3 -j computer2
$ipt -A FORWARD -s 192.168.10.4 -j computer3
$ipt -A FORWARD -s 192.168.10.5 -j computer4
$ipt -A FORWARD -s 192.168.10.6 -j computer5
$ipt -A FORWARD -s 192.168.10.6 -j computer5
$ipt -A computer1 -m mac --mac-source 00:c0:df:f7:7c:3b -j ACCEPT
$ipt -A computer2 -m mac --mac-source 00:06:4f:0f:3b:c1 -j ACCEPT
$ipt -A computer3 -m mac --mac-source 00:0c:6e:90:39:6a -j ACCEPT
$ipt -A computer4 -m mac --mac-source 00:90:27:5f:5e:78 -j ACCEPT
$ipt -A computer5 -m mac --mac-source 00:90:27:9b:3c:a2 -j ACCEPT
$ipt -A computer2 -m mac --mac-source 00:06:4f:0f:3b:c1 -j ACCEPT
$ipt -A computer3 -m mac --mac-source 00:0c:6e:90:39:6a -j ACCEPT
$ipt -A computer4 -m mac --mac-source 00:90:27:5f:5e:78 -j ACCEPT
$ipt -A computer5 -m mac --mac-source 00:90:27:9b:3c:a2 -j ACCEPT
$ipt -A POSTROUTING -t nat -s 192.168.10.2 -j MASQUERADE
$ipt -A POSTROUTING -t nat -s 192.168.10.3 -j MASQUERADE
$ipt -A POSTROUTING -t nat -s 192.168.10.4 -j MASQUERADE
$ipt -A POSTROUTING -t nat -s 192.168.10.5 -j MASQUERADE
$ipt -A POSTROUTING -t nat -s 192.168.10.6 -j MASQUERADE
#$ipt -P FORWARD DROP
--------------------
$ipt -A POSTROUTING -t nat -s 192.168.10.3 -j MASQUERADE
$ipt -A POSTROUTING -t nat -s 192.168.10.4 -j MASQUERADE
$ipt -A POSTROUTING -t nat -s 192.168.10.5 -j MASQUERADE
$ipt -A POSTROUTING -t nat -s 192.168.10.6 -j MASQUERADE
#$ipt -P FORWARD DROP
--------------------
If I uncomment the last line ("#$ipt -P FORWARD DROP") the router won't forward any packets. What am I doing wrong ?
Thank you in advance,
Sorin
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
