Hi Dott

On Mon, 5 Jul 2004 16:42:11 +0200, Dott. Francesco Chicchiriccò
<francesco.chicchiricco@xxxxxxxxx> wrote:
> Hi,
> after spending some time with iptables and linux virtual interfaces, I've
> decided to ask.
>
> I have a Linux BOX acting as a router among different LANs. I'm doing some
> filtering (only ssh traffic coming from a certain MAC address can go from
> one LAN to another, and so on):
>
> iptables -t filter -P FORWARD DROP
> iptables -A FORWARD -i eth0 -s 192.168.0.0/24 -p TCP -m mac --mac-source $whiskey_MAC -d 192.168.10.0/24 --dport 22 -j ACCEPT
>
> With physical interfaces only, all works well. When I try to filter traffic
> between 2 LANs attached to the same physical interface but with 2 different
> virtual IPs, it starts messing. Nothing works, I can't even log packets.

Netfilter doesn't allow things like eth0:1 (it won't accept the colon), so
all you do is use the normal interface name (eth0).

Regards
Askar

> Is that a known bug? Am I just misunderstanding?
> Please help.
> --
> ##################################################################
>
> "Computer Science is no more about computers than astronomy
> is about telescopes." (E. W. Dijkstra)
>
> Dott. Francesco Chicchiriccò
> Amministratore unico
> Tel 3290573276
>
> ePOSSE S.r.l.
> Sede operativa: Via dei Marrucini, 11 65127 Pescara
> Tel / FAX 0854503336
> http://www.eposse.it
>
> ##################################################################