Yes it works if you have the correct rules.
Are these 2 FORWARD rules your only rules ????? If no, please post
your full ruleset.
If yes ..... i can clearly see 2 problems.
You have not told us about your scenario, but i'll suppose you have
the simple scenario of a linux box with 2 NICs, forwarding packets
between NICs. The --mac-source rule you made WILL work. But you're
clearly missing some rule that allow packets to came back, the replies.
You're allowing the packet to go out, but not allowing replies to get
back. So, 'it will not work'. Based on your scenario, you certainly need
some rules to allow the return traffic.
And if these are your only 2 rules, then you're simply forwarding,
there's no NAT rule here. Packets will be forwarded but the original ip
address will be kept, that means, no Network Address Translation (NAT)
will occur. You would need some '-t nat -A POSTROUTING' rule for doing
the Source NAT.
Deephay escreveu:
Greetings all,
I am wondering how to do a MAC-based filtering for a NAT:
iptables -P FORWARD DROP
iptables -A FORWARD -m mac --mac-source xxxxxxxx -j ACCEPT
the above things will not work, is there a way to achieve this? thanks!
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@xxxxxxxxxxxxxx
My SPAMTRAP, do not email it
-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
