Hi,

It really looks like you want to distinguish between well known users and a set of mobile users. NuFW (http://www.nufw.org) is done to distinguish between users because it's an authentication firewall. It authenticates connections in a secure manner, so you're sure of the identity of users that you let go across your firewall.

You can easily manage to build a solution comparable to the one you describe below with NuFW. With more flexibility and more security.

On Wed, 2004-10-20 at 12:46 -0600, jgalvez@xxxxxxxxxxx wrote:
> I am trying to setup a router, that forwards traffic from one interface
> for only a specific set of MAC addresses.
>
> Users on eth1 side will use a static IP address with a known MAC
> address. DHCP will be running on eth1 for rogue users. If the source IP
> is 10.0.0.0/8 all port 80 traffic needs to be redirected to localhost
> port 80. ONLY traffic from a listed IP and MAC should be allowed to be
> forwarded out.
>
> I need some recommendation on how to accomplish this. If you could
> point me to a similar example or something I can figure it out. The
> more specific the better. I have a few of my notes and attempts below.
>
> TIA
> -Josh
>
> eth0:
> -Allow all traffic, in and out
> eth1:
> -Allow all DHCP traffic - something like below
> #iptables -I INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 \
> -j ACCEPT
> -Allow all incoming traffic by source IP and MAC address
> #iptables -A PREROUTING -i eth1 -t mangle -m mac \
> --source 208.5.x.242 --mac-source 00:30:65:0e:91:d6 -j ACCEPT
> -Redirect all port 80 traffic from 10.0.0.0/8 to localhost:80
> -Drop all other incoming traffic
> #iptables -A PREROUTING -i eth1 -t mangle -j DROP

BR,
--
Eric Leblond <eric@xxxxxxxxx>
NuFW, Now User Filtering Works : http://www.nufw.org
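As an added illustration of the rule set Josh sketches (this is example code written for this page, not Eric's or Josh's, and not NuFW): a POSIX shell script that generates the iptables rules for a default-deny router. It keeps the IP+MAC allow-list in the filter FORWARD chain, where the `mac` match is valid and where ACCEPT/DROP actually decide whether a packet is forwarded (in the mangle table an ACCEPT only ends mangle traversal), and puts the port-80 redirect for 10.0.0.0/8 in the nat PREROUTING chain with the REDIRECT target. The interface names eth0/eth1 and the 10.0.0.0/8 network come from the thread; the IP/MAC pairs in `ALLOWED` are constructed sample values. Because source IP and MAC are both trivially spoofable on the LAN segment, this is an access-control convenience, not the authenticated identity Eric describes, so the script also logs denied forwards to make unexpected hosts visible in syslog.

```shell
#!/bin/sh
# Generates (DRY_RUN=1, the default) or applies (DRY_RUN=0, as root) an
# iptables rule set: forward only listed IP+MAC pairs, allow DHCP on the
# LAN side, redirect web traffic from unregistered 10/8 clients to a
# local page, and log everything the FORWARD policy drops.

WAN_IF=eth0
LAN_IF=eth1
UNREG_NET=10.0.0.0/8

# Constructed allow-list: one "IP MAC" pair per line (sample values).
ALLOWED='
208.5.1.242 00:30:65:0e:91:d6
208.5.1.243 00:0c:29:4f:a1:7b
'

# Print the command instead of running it unless DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

# One FORWARD ACCEPT rule per allowed (IP, MAC) pair, LAN -> WAN only.
allow_rules() {
    printf '%s\n' "$ALLOWED" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        run -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$ip" \
            -m mac --mac-source "$mac" -j ACCEPT
    done
}

build_rules() {
    # Default deny: nothing crosses the router unless a rule below says so.
    run -P FORWARD DROP

    # DHCP for the LAN side (the DHCP server runs on this box).
    run -A INPUT -i "$LAN_IF" -p udp --dport 67:68 --sport 67:68 -j ACCEPT

    # Unregistered clients (10/8 leases): send their HTTP to the local port 80.
    run -t nat -A PREROUTING -i "$LAN_IF" -s "$UNREG_NET" \
        -p tcp --dport 80 -j REDIRECT --to-ports 80

    # Return traffic for sessions that an allowed host already opened.
    run -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    allow_rules

    # Anything else from the LAN that reaches FORWARD is about to be dropped
    # by the policy; log it so rogue hosts show up in syslog.
    run -A FORWARD -i "$LAN_IF" -j LOG --log-prefix "fwd-denied: "
}

# Number of allow-list entries that produced a FORWARD rule (used as a sanity check).
count_allow_rules() {
    build_rules | grep -c -- '--mac-source'
}

build_rules
```

Run it as is to review the generated commands; run `DRY_RUN=0 sh script.sh` as root on the router to apply them (after flushing any existing rules with `iptables -F FORWARD` and `iptables -t nat -F PREROUTING`, which the script deliberately does not do for you).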