On Dec 9, 2007 7:31 PM, Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx> wrote:
>
> Yes, it works if you have the correct rules.
>
> Are these 2 FORWARD rules your only rules????? If not, please post
> your full ruleset.
>
> If yes..... I can clearly see 2 problems.
>
> You have not told us about your scenario, but I'll suppose you have
> the simple scenario of a Linux box with 2 NICs, forwarding packets
> between NICs. The --mac-source rule you made WILL work. But you're
> clearly missing some rule that allows packets to come back, the replies.
> You're allowing the packet to go out, but not allowing replies to get
> back. So, 'it will not work'. Based on your scenario, you certainly need
> some rules to allow the return traffic.
>
> And if these are your only 2 rules, then you're simply forwarding,
> there's no NAT rule here. Packets will be forwarded but the original IP
> address will be kept, that means, no Network Address Translation (NAT)
> will occur. You would need some '-t nat -A POSTROUTING' rule for doing
> the Source NAT.

Hi,

I am using one NIC with PPPoE and

    iptables -t nat -A POSTROUTING -j MASQUERADE

as the NAT rule. Is there a solution in this kind of situation?

Thanks for the help!

>
> Deephay wrote:
> >
> > Greetings all,
> >
> > I am wondering how to do MAC-based filtering for a NAT:
> >
> > iptables -P FORWARD DROP
> > iptables -A FORWARD -m mac --mac-source xxxxxxxx -j ACCEPT
> >
> > The above will not work. Is there a way to achieve this? Thanks!
> >
>
> --
>
> Sincerely,
> Leonardo Rodrigues
> Solutti Tecnologia
> http://www.solutti.com.br
>
> My SPAM trap, do NOT email it:
> gertrudes@xxxxxxxxxxxxxx
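For the single-NIC PPPoE case asked about above, the following is an added example ruleset (written for this page; it is not from the thread or any of its posters) that puts the three pieces together: the MAC filter on new connections from the LAN side, the conntrack rule that admits the replies the original two-line ruleset was missing, and the MASQUERADE rule on the PPPoE link. The interface names eth0 and ppp0, the LAN subnet 192.168.1.0/24 and the MAC addresses are assumed placeholders, not values from the thread. By default the script prints the iptables commands (IPT defaults to "echo iptables") so the set can be reviewed; run it as root with IPT=iptables to apply it.

```shell
#!/bin/sh
# Added example: MAC-filtered forwarding behind MASQUERADE on one PPPoE link.
# Assumed values (placeholders, not from the thread): LAN side eth0, PPPoE
# side ppp0, LAN subnet 192.168.1.0/24, allowed client MACs given as args.
# IPT defaults to a dry run that prints the rules; set IPT=iptables to apply.

LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-ppp0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
IPT=${IPT:-"echo iptables"}

# Emit (or apply) one iptables command.
rule() { $IPT "$@"; }

# gen_rules MAC [MAC...]: build the full FORWARD + nat ruleset.
gen_rules() {
    # Default-deny forwarding; flush both chains so the set is authoritative
    # (note: this also removes any other POSTROUTING rules you may have).
    rule -P FORWARD DROP
    rule -F FORWARD
    rule -t nat -F POSTROUTING

    # Return traffic. Packets arriving on ppp0 have no Ethernet header, so a
    # --mac-source rule can never match them; the reply direction has to be
    # admitted by connection-tracking state instead. This is the rule the
    # original two-line ruleset lacked.
    rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New connections: only from an allowed MAC, only entering on the LAN
    # interface and leaving on the PPPoE link, only from the LAN subnet.
    # --mac-source is the MAC of the last hop, which is the client itself
    # only because eth0 is directly attached to the LAN.
    for mac in "$@"; do
        rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
             -m mac --mac-source "$mac" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Source NAT to whatever address ppp0 currently holds. MASQUERADE is the
    # right choice for a dynamic PPPoE address; the MAC filter above has
    # already decided which hosts may be forwarded at all.
    rule -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Number of commands the ruleset would issue (dry-run mode only).
count_rules() { gen_rules "$@" | grep -c '^iptables'; }

# Constructed sample MACs for the dry run.
gen_rules 00:11:22:33:44:55 00:aa:bb:cc:dd:ee
```

Two caveats a practitioner should keep in mind. First, the ESTABLISHED,RELATED rule is placed before the MAC rules on purpose: it matches the bulk of the traffic, and it means the MAC rules only ever have to decide about the first packet of a connection. Second, a MAC address is not a credential: any client can set its own, so this ruleset controls which well-behaved LAN hosts get Internet access, not a hostile one.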