Re: Re[2]: Where libipt_MASQ.so (???)

On Mon 04/08/2003 at 19:57, Jesús García Crespo (aka Sevein) wrote:
> Monday, August 4, 2003 7:38:47 PM, you wrote:
> f> Try -j MASQUERADE
> iptables: Invalid argument

You really should have a look at the doc...

> iptables -A FORWARD --match mac --mac-source 00:c0:49:c9:d3:f1 -j MASQ

This is wrong. MASQUERADING occurs in the nat table, POSTROUTING chain:

	iptables -t nat -A POSTROUTING [...] -j MASQUERADE

Moreover, in the POSTROUTING chain, the source MAC address is not available
anymore. So you can't match it. If you really want to use the source MAC as
a criterion, you will have to mark packets in the mangle table PREROUTING
chain, then match this mark in your masquerading rule:

	iptables -t mangle -A PREROUTING -m mac --mac-source \
		00:c0:49:c9:d3:f1 -j MARK --set-mark 0x1
	iptables -t nat -A POSTROUTING -m mark --mark 0x1 \
		-j MASQUERADE

Hope that'll help you achieve your goal.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
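
Added example, not part of the original message: the mark-then-masquerade pattern from the reply, generalized to a list of source MACs and emitted in iptables-restore format. The function names, the second MAC, the `eth0` outbound interface and the `-o` restriction are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Builds an iptables-restore
# ruleset that marks packets by source MAC in mangle/PREROUTING and
# masquerades only marked packets in nat/POSTROUTING.

# valid_mac MAC: succeed only for six colon-separated hex octets.
valid_mac() {
    h='[0-9A-Fa-f]'
    # Unquoted $h is expanded as a pattern, so the whole string must match.
    case $1 in
        $h$h:$h$h:$h$h:$h$h:$h$h:$h$h) return 0 ;;
    esac
    return 1
}

# gen_ruleset WAN_IF MARK MAC...
# WAN_IF (outbound interface) is an assumption; the post's rule has no -o.
gen_ruleset() {
    wan_if=$1
    mark=$2
    shift 2
    # Reject the whole list before printing anything, so a bad entry
    # never produces a partial ruleset.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    echo '*mangle'
    for mac in "$@"; do
        echo "-A PREROUTING -m mac --mac-source $mac -j MARK --set-mark $mark"
    done
    echo 'COMMIT'
    echo '*nat'
    echo "-A POSTROUTING -o $wan_if -m mark --mark $mark -j MASQUERADE"
    echo 'COMMIT'
}

# Constructed sample input: the MAC from the thread plus a made-up one.
gen_ruleset eth0 0x1 00:c0:49:c9:d3:f1 02:00:00:00:00:01
```

The output can be reviewed and then loaded as root with `iptables-restore --noflush`, which adds the rules without clearing the existing tables. A source MAC is set by the sender, so this selects which hosts get NAT and is not an authentication check.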


