On Dec 10, 2007 4:34 AM, Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx> wrote:
>
> Deephay wrote:
> > On Dec 9, 2007 7:31 PM, Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx> wrote:
> > >
> > > Yes, it works if you have the correct rules.
> > >
> > > Are these 2 FORWARD rules your only rules ????? If not, please post
> > > your full ruleset.
> > >
> > > If yes ..... I can clearly see 2 problems.
> > >
> > > You have not told us about your scenario, but I'll suppose you have
> > > the simple scenario of a Linux box with 2 NICs, forwarding packets
> > > between NICs. The --mac-source rule you made WILL work. But you're
> > > clearly missing some rule that allows packets to come back, the replies.
> > > You're allowing the packet to go out, but not allowing replies to get
> > > back. So, 'it will not work'. Based on your scenario, you certainly need
> > > some rules to allow the return traffic.
> > >
> > > And if these are your only 2 rules, then you're simply forwarding;
> > > there's no NAT rule here. Packets will be forwarded but the original IP
> > > address will be kept, that means no Network Address Translation (NAT)
> > > will occur. You would need some '-t nat -A POSTROUTING' rule for doing
> > > the Source NAT.
> >
> > Hi, I am using one NIC with PPPoE and
>
> OK ... the typical 2 interfaces situation. One real NIC interface and
> another logical PPPoE interface. Probably eth0 and ppp0, is that right ???
>
> > iptables -t nat -A POSTROUTING -j MASQUERADE
> >
> > as the NAT rules.
>
> OK ... so you have the NAT rule.
>
> > Is there a solution in this kind of situation? Thanks for the help!
>
> Yes .... supposing eth0 is your internal NIC and ppp0 is your external
> interface, simply having a rule
>
> iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
>
> would be enough for allowing all the 'reply' packets to come back and
> thus allowing your traffic based on MAC source to work.
>
> Please try that.

OK, got it, thanks very much for the help!

Cheers, Deephay

> --
> Sincerely,
> Leonardo Rodrigues
> Solutti Tecnologia
> http://www.solutti.com.br
>
> My SPAMTRAP, do not email it:
> gertrudes@xxxxxxxxxxxxxx
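The complete ruleset for the scenario discussed in this thread (eth0 as the LAN side, ppp0 as the PPPoE uplink, forwarding permitted only for listed source MACs), written up as an added example rather than anything posted by either participant. It goes slightly beyond the reply in the thread: the return-traffic rule is restricted to ESTABLISHED,RELATED connections instead of a blanket ppp0-to-eth0 ACCEPT, and MASQUERADE is limited to the uplink. The interface names, the MAC addresses and the IPT variable (which defaults to printing the commands instead of running them) are all assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the netfilter thread above.
# IPT defaults to "echo iptables" so the script only prints the commands;
# run with IPT=iptables as root to actually apply them.
IPT="${IPT:-echo iptables}"

# build_ruleset LAN_IF WAN_IF "MAC1 MAC2 ..."
# Emits (or applies) the FORWARD and POSTROUTING rules for a MAC-gated
# NAT router. The default FORWARD policy is DROP so that only hosts in
# the MAC list, and the replies to their connections, are forwarded.
build_ruleset() {
    lan="$1"; wan="$2"; macs="$3"

    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING

    # The rule the original poster was missing: let replies to already
    # accepted connections come back from the uplink to the LAN.
    # Narrower than "-i ppp0 -o eth0 -j ACCEPT", which would also pass
    # unsolicited inbound packets if anything on the LAN were routable.
    $IPT -A FORWARD -i "$wan" -o "$lan" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Outbound forwarding only for the permitted LAN hosts, matched by
    # source MAC on the interface they arrive on (MAC match only works
    # for packets entering the box, so -i "$lan" is required here).
    for mac in $macs; do
        $IPT -A FORWARD -i "$lan" -o "$wan" \
            -m mac --mac-source "$mac" -j ACCEPT
    done

    # Source NAT only on the uplink; the thread's bare
    # "-t nat -A POSTROUTING -j MASQUERADE" would also rewrite LAN-bound
    # traffic on multi-homed boxes.
    $IPT -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
}

# has_reply_rule LAN_IF WAN_IF MACS
# Sanity check on the generated ruleset: prints how many return-traffic
# rules it contains (expected: exactly 1).
has_reply_rule() {
    build_ruleset "$1" "$2" "$3" |
        grep -c -- "-i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED"
}

# Dry run with two constructed example MAC addresses.
build_ruleset eth0 ppp0 "00:11:22:33:44:55 00:11:22:33:44:66"
```

A source MAC is trivially changed by anyone on the LAN segment, so this gates convenience, not identity; the conntrack rule is what keeps the uplink side closed to anything the LAN did not initiate.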