Just like a transparent proxy.
Assume http://AUTH_PORTAL_IP is where the user can type a password and become authed.

iptables -t nat -A PREROUTING CONDITIONS_TO_MATCH_AUTHED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to AUTH_PORTAL_IP
iptables -t nat -A PREROUTING -j DROP

2005/6/6, Phani Kumar <pkumar@xxxxxxxxxxxxxxxxx>:
> Hi,
> I have implemented a Linux router with 4 interfaces.
>
> eth0 -- outside net
> eth1 --
> eth2 -- diff Internal n/ws
> eth3 --
>
> Now I had to allow only authenticated traffic to pass through the
> router (i.e. through interface eth0).
> I have a list of all authenticated MAC addresses in a file.
>
> All unauthenticated traffic (i.e. non-authenticated MAC address traffic)
> had to be redirected to the default registration site.
>
> Please can anyone suggest how to do the above task.
> I am able to allow only authenticated traffic by using
>
> iptables -t filter -A FORWARD -m mac --mac-source xx.xx.xx... -i eth0 -j ACCEPT
>
> and so on for all authenticated users
>
> iptables -t filter -A FORWARD -i eth0 -j DROP
>
> How do I redirect the unauthenticated traffic to a registration portal
> rather than dropping it??
>
> Phani
> IIIT-Hyd
>
>

--
freewizard (at) gmail.com
http://blog.tsing.org/freewizard/ (in Chinese)
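The reply's three-rule pattern combined with the MAC list file from the question, as an added example that is not part of the original thread: a function that validates each entry and prints the resulting iptables commands without applying them. The function name, the chain names PORTAL_NAT and PORTAL_FWD, the portal address 192.0.2.10 and the sample MAC addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# Usage: gen_portal_rules MAC_FILE PORTAL_IP LAN_IF...
gen_portal_rules() {
    mac_file=$1; portal_ip=$2; shift 2
    [ -r "$mac_file" ] || { echo "cannot read $mac_file" >&2; return 1; }
    # Refuse anything but digits and dots, so the value cannot smuggle shell syntax.
    case $portal_ip in
        ''|*[!0-9.]*) echo "bad portal address" >&2; return 1 ;;
    esac

    # Hypothetical chain names; dedicated chains keep the list separate from other rules.
    echo "iptables -t nat -N PORTAL_NAT"
    echo "iptables -t filter -N PORTAL_FWD"

    # One ACCEPT per authenticated MAC in each table; strip comments and whitespace first.
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r' | tr 'a-f' 'A-F')
        [ -n "$mac" ] || continue
        if ! printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$'; then
            echo "skipping malformed entry: $line" >&2
            continue
        fi
        echo "iptables -t nat -A PORTAL_NAT -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -t filter -A PORTAL_FWD -m mac --mac-source $mac -j ACCEPT"
    done < "$mac_file"

    # Everyone else: port 80 is rewritten to the portal, and only that flow is forwarded.
    # The DROP is issued from the filter table; current iptables refuses DROP in nat.
    echo "iptables -t nat -A PORTAL_NAT -p tcp --dport 80 -j DNAT --to-destination $portal_ip"
    echo "iptables -t filter -A PORTAL_FWD -p tcp -d $portal_ip --dport 80 -j ACCEPT"
    echo "iptables -t filter -A PORTAL_FWD -j DROP"

    # Hook the chains only on the internal interfaces, where the source MAC is the client's.
    for lan_if in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $lan_if -j PORTAL_NAT"
        echo "iptables -t filter -A FORWARD -i $lan_if -j PORTAL_FWD"
    done
}

# Constructed sample list (not from the thread): two valid entries, one malformed.
sample_macs=$(mktemp)
printf '%s\n' '00:11:22:33:44:55  # lab laptop' 'aa:bb:cc:dd:ee:ff' 'not-a-mac' > "$sample_macs"
gen_portal_rules "$sample_macs" 192.0.2.10 eth1 eth2 eth3
rm -f "$sample_macs"
```

A source MAC address is chosen by the client, so this list is access bookkeeping rather than proof of identity. Unregistered clients also need working DNS resolution before a browser will open the port 80 connection that gets redirected.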