Hi Payal,

You can use the MAC match to restrict access. Something like this:

    iptables -t mangle -A PREROUTING -s (Masqueraded_IP) -m mac --mac-source (MAC_ADDR_MACHINE) -j ACCEPT

Please follow the link below and read 6.4.3.2 for further understanding:

http://iptables-tutorial.frozentux.net/chunkyhtml/matches.html#GENERICMATCHES

Hope this helps!

Regards,
Deepak Seshadri

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Payal Rathod
Sent: Friday, September 10, 2004 2:18 PM
To: Netfilter ML
Subject: allowing connection

Hi,

Right now I am allowing only my client's LAN to access one of my design's machines from the internet. Their LAN is a simple network, with a single IP, and the other machines are masqueraded. Now I want to allow only one of their machines to access my machine. Can I do it? I mean the machine is on the 192.168.1.x series of IPs, but can I restrict it on a MAC address basis? If yes, how do I do it?

With warm regards,
-Payal