Deephay wrote:
> On Dec 9, 2007 7:31 PM, Leonardo Rodrigues Magalhães
> <leolistas@xxxxxxxxxxxxxx> wrote:
>> Yes it works if you have the correct rules.
>>
>> Are these 2 FORWARD rules your only rules ????? If no, please post
>> your full ruleset.
>>
>> If yes ..... I can clearly see 2 problems.
>>
>> You have not told us about your scenario, but I'll suppose you have
>> the simple scenario of a linux box with 2 NICs, forwarding packets
>> between NICs. The --mac-source rule you made WILL work. But you're
>> clearly missing some rule that allows packets to come back, the replies.
>> You're allowing the packet to go out, but not allowing replies to get
>> back. So, 'it will not work'. Based on your scenario, you certainly need
>> some rules to allow the return traffic.
>>
>> And if these are your only 2 rules, then you're simply forwarding,
>> there's no NAT rule here. Packets will be forwarded but the original IP
>> address will be kept, that means, no Network Address Translation (NAT)
>> will occur. You would need some '-t nat -A POSTROUTING' rule for doing
>> the Source NAT.
>
> Hi, I am using one NIC with PPPoE and

OK ... the typical 2 interfaces situation. One real NIC interface
and other logical PPPoE interface. Probably eth0 and ppp0, is that right ???

> iptables -t nat -A POSTROUTING -j MASQUERADE
> as the NAT rules.

OK ... so you have the NAT rule.

> Is there a solution in this kind of situation? thanks for the help!

Yes .... supposing eth0 is your internal NIC and ppp0 is your
external interface, simply having a rule

    iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

would be enough for allowing all the 'reply' packets to come back
and thus allowing your traffic based on MAC source to work.

Please try that.
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
My SPAMTRAP, do not email it
gertrudes@xxxxxxxxxxxxxx
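
The setup discussed in this thread, as an added example that is not part of the original messages: a MAC-filtered FORWARD ruleset in which the ppp0 -> eth0 return rule is limited to reply traffic with connection tracking, and MASQUERADE is limited to the uplink. The interface names follow the thread's supposition (eth0 internal, ppp0 external); the MAC address, the variable names and the dry-run default are assumptions made for the example.

```shell
#!/bin/sh
# Added example: MAC-filtered forwarding with a stateful return path.
# Assumed from the thread: eth0 = internal NIC, ppp0 = PPPoE uplink.
# ALLOWED_MAC is a constructed placeholder, not a value from the thread.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-ppp0}"
ALLOWED_MAC="${ALLOWED_MAC:-00:11:22:33:44:55}"
# Dry run by default: the commands are printed, not executed.
# Run with IPT=iptables (as root) to load the rules.
IPT="${IPT:-echo iptables}"

# Accept only a full six-octet, colon-separated MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

apply_rules() {
    valid_mac "$ALLOWED_MAC" || { echo "bad MAC: $ALLOWED_MAC" >&2; return 1; }

    # Anything not accepted below is not forwarded.
    $IPT -P FORWARD DROP

    # Return path: only packets that belong to, or are related to, a
    # connection an allowed host already opened. Kernels without the
    # conntrack match use '-m state --state ESTABLISHED,RELATED'.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Outbound: only the permitted source MAC may start connections.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" \
        -m mac --mac-source "$ALLOWED_MAC" -j ACCEPT

    # Source NAT only for traffic leaving through the uplink.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

apply_rules
```

The source MAC is set by the sending host, so the --mac-source match selects which LAN machines are forwarded but does not authenticate them.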