Re: how to do a MAC-based filtering for NAT

Yes, it works if you have the correct rules.

Are these 2 FORWARD rules your only rules? If no, please post your full ruleset.

If yes, I can clearly see 2 problems.

You have not told us about your scenario, but I'll suppose you have the simple scenario of a Linux box with 2 NICs, forwarding packets between NICs. The --mac-source rule you made WILL work. But you're clearly missing some rule that allows packets to come back, the replies. You're allowing the packet to go out, but not allowing replies to get back. So, 'it will not work'. Based on your scenario, you certainly need some rules to allow the return traffic.

And if these are your only 2 rules, then you're simply forwarding; there's no NAT rule here. Packets will be forwarded but the original IP address will be kept, that is, no Network Address Translation (NAT) will occur. You would need some '-t nat -A POSTROUTING' rule for doing the Source NAT.


Deephay wrote:
Greetings all,

I am wondering how to do a MAC-based filtering for a NAT:

iptables -P FORWARD DROP
iptables -A FORWARD -m mac --mac-source xxxxxxxx -j ACCEPT

The above will not work. Is there a way to achieve this? Thanks!


--


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAM trap, do NOT send it email
	gertrudes@xxxxxxxxxxxxxx
	My SPAMTRAP, do not email it

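A complete ruleset for the two-NIC scenario Leonardo describes, added here as an example that is not part of the thread and not written by either poster. It puts the three pieces together: the MAC allowlist on FORWARD, the conntrack rule that lets replies back through (the rule the original two-line ruleset lacked), and the '-t nat -A POSTROUTING' rule that actually translates the source address. Interface names (eth1 = LAN, eth0 = WAN), the MAC addresses, and the use of MASQUERADE rather than a fixed-address SNAT are assumptions; the script only prints the ruleset unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: generate (and optionally load) an iptables-restore ruleset for
# a Linux box forwarding between a LAN NIC and a WAN NIC, allowing only
# listed source MACs out, letting replies back in, and source-NATing.
#
# Usage: gen_ruleset LAN_IF WAN_IF MAC [MAC...]   (prints ruleset to stdout)
#        APPLY=1 ./this.sh eth1 eth0 00:11:22:33:44:55   (loads it, needs root)
gen_ruleset() {
    lan_if="$1"
    wan_if="$2"
    shift 2
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic for connections already accepted: this is the rule the
# original '-P FORWARD DROP' + single --mac-source ruleset was missing.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # One NEW-connection rule per allowed MAC. --mac-source only sees the MAC of
    # the directly attached host (the last hop), so it is only meaningful on
    # the LAN-facing interface, and a MAC is not an authenticated identity.
    for mac in "$@"; do
        printf -- '-A FORWARD -i %s -o %s -m mac --mac-source %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$lan_if" "$wan_if" "$mac"
    done
    cat <<EOF
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Source NAT for everything leaving on the WAN side. Without this, packets are
# forwarded with their original source IP and no translation happens.
-A POSTROUTING -o ${wan_if} -j MASQUERADE
COMMIT
EOF
}

# Only touch the live firewall when explicitly asked to.
if [ "${APPLY:-0}" = "1" ]; then
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_ruleset "$@" | iptables-restore
fi
```

Running the script without APPLY=1 prints the ruleset so it can be reviewed before loading; with APPLY=1 it enables IP forwarding and loads the rules atomically via iptables-restore. The ESTABLISHED,RELATED rule is placed first so reply packets are matched before the MAC rules are consulted; the NEW-only restriction on the MAC rules keeps an allowed host from being used to accept unsolicited inbound traffic. Note that filtering on source MAC is a convenience control, not a security boundary: the match only sees the MAC of the adjacent host and MAC addresses are trivially changeable, so pair it with per-host addressing or stronger controls where it matters.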



