Hi, after spending some time with iptables and Linux virtual interfaces, I've decided to ask.

I have a Linux box acting as a router among different LANs. I'm doing some filtering (only ssh traffic coming from a certain MAC address can go from one LAN to another, and so on):

    iptables -t filter -P FORWARD DROP
    iptables -A FORWARD -i eth0 -s 192.168.0.0/24 -p tcp -m mac --mac-source $whiskey_MAC -d 192.168.10.0/24 --dport 22 -j ACCEPT

With physical interfaces only, all works well. When I try to filter traffic between 2 LANs attached to the same physical interface but with 2 different virtual IPs, it starts messing up. Nothing works, I can't even log packets.

Is that a known bug? Am I just misunderstanding? Please help.

-- 
"Computer Science is no more about computers than astronomy is about telescopes." (E. W. Dijkstra)

Dott. Francesco Chicchiriccò
Sole director
Tel 3290573276

ePOSSE S.r.l.
Operational office: Via dei Marrucini, 11 65127 Pescara
Tel / FAX 0854503336
http://www.eposse.it

Attachment: pgpI7rvsaX65q.pgp (signature)
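The poster's FORWARD policy restated for the case they ask about, two subnets on one NIC, as an added example that is not from the original post. Interface name, subnets and the MAC are placeholders; it assumes iptables and sysctl on a Linux router, adds a LOG rule so dropped forwards show up in the kernel log, and defaults to printing the commands (DRY_RUN=1) rather than applying them.

```shell
#!/bin/sh
# Added example, not the poster's own script. Placeholders below are assumptions.
set -eu

IFACE="${IFACE:-eth0}"
LAN_A="${LAN_A:-192.168.0.0/24}"
LAN_B="${LAN_B:-192.168.10.0/24}"
WHISKEY_MAC="${WHISKEY_MAC:-00:11:22:33:44:55}"   # constructed placeholder MAC
# Review mode by default; set DRY_RUN=0 to actually execute the commands.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_forward_rules() {
    run iptables -t filter -P FORWARD DROP
    run iptables -F FORWARD
    # With both LANs on the same NIC (IP alias), a forwarded packet enters and
    # leaves on the same interface, so both -i and -o match $IFACE.
    run iptables -A FORWARD -i "$IFACE" -o "$IFACE" -s "$LAN_A" -d "$LAN_B" \
        -p tcp --dport 22 -m mac --mac-source "$WHISKEY_MAC" -j ACCEPT
    # Return traffic of the accepted SSH sessions (the MAC match only applies
    # to the client side, so the reply direction needs its own rule).
    run iptables -A FORWARD -i "$IFACE" -o "$IFACE" -s "$LAN_B" -d "$LAN_A" \
        -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # Log (rate-limited) whatever is about to fall through to the DROP policy,
    # so "nothing works" becomes a visible kernel log line with in/out interface.
    run iptables -A FORWARD -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-DROP: " --log-level 4
}

# Check worth making on a same-segment router: if it sends ICMP redirects,
# hosts can learn to reach the other subnet directly and bypass the FORWARD
# chain entirely, so no packets ever reach the filter or the LOG rule.
disable_redirects() {
    run sysctl -w "net.ipv4.conf.$IFACE.send_redirects=0"
    run sysctl -w "net.ipv4.conf.all.send_redirects=0"
}

apply_forward_rules
disable_redirects
```

Run with DRY_RUN=0 as root to apply; afterwards `dmesg | grep FWD-DROP` shows the IN=/OUT= interfaces of anything being dropped.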