From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Tomasz Chilinski" <chilek@chilan.com>
Date: Sat, 04 Sep 2004 13:55:59 +0000
Subject: Re: [LARTC] masquerade and mac problem
Message-Id: <20040904135529.M31207@chilan.com>
List-Id: <lartc.vger.kernel.org>
References: <20040904121939.70148.qmail@web60001.mail.yahoo.com>
In-Reply-To: <20040904121939.70148.qmail@web60001.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Sat, 4 Sep 2004 05:19:39 -0700 (PDT), Sorin Capra wrote 
> $ipt -t filter -N computer1 >/dev/null 2>&1 
> $ipt -t filter -N computer2 >/dev/null 2>&1 
> $ipt -t filter -N  computer3 >/dev/null 2>&1 
> $ipt -t filter -N computer4 >/dev/null 2>&1 
> $ipt -t filter -N computer5 >/dev/null 2>&1 
> 
> $ipt -A FORWARD -s 192.168.10.2 -j computer1 
> $ipt -A FORWARD -s 192.168.10.3 -j computer2 
> $ipt -A FORWARD -s 192.168.10.4 -j computer3 
> $ipt -A FORWARD -s 192.168.10.5 -j computer4 
> $ipt -A FORWARD -s 192.168.10.6 -j computer5 
> 
> $ipt -A computer1 -m mac --mac-source 00:c0:df:f7:7c:3b -j ACCEPT 
> $ipt -A computer2 -m mac --mac-source 00:06:4f:0f:3b:c1 -j ACCEPT 
> $ipt -A computer3 -m mac --mac-source 00:0c:6e:90:39:6a -j ACCEPT 
> $ipt -A computer4 -m mac --mac-source 00:90:27:5f:5e:78 -j ACCEPT 
> $ipt -A computer5 -m mac --mac-source 00:90:27:9b:3c:a2 -j ACCEPT 
>   
> $ipt -A POSTROUTING -t nat -s 192.168.10.2 -j MASQUERADE 
> $ipt -A POSTROUTING -t nat -s 192.168.10.3 -j MASQUERADE 
> $ipt -A POSTROUTING -t nat -s 192.168.10.4 -j MASQUERADE 
> $ipt -A POSTROUTING -t nat -s 192.168.10.5 -j MASQUERADE 
> $ipt -A POSTROUTING -t nat -s 192.168.10.6 -j MASQUERADE 
> 
> #$ipt -P FORWARD DROP 
> --------------------

Use mac source match in chain PREROUTING of nat table. Additionalny tests will be
working for first packets of connections (less load).

>Thank you in advance, 
>Sorin

Bests,
Tomasz Chilinski

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/