From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Tomasz Chilinski"
Date: Sat, 04 Sep 2004 15:44:45 +0000
Subject: Re: [LARTC] masquerade and mac problem
Message-Id: <20040904153822.M39607@chilan.com>
List-Id:
References: <20040904121939.70148.qmail@web60001.mail.yahoo.com>
In-Reply-To: <20040904121939.70148.qmail@web60001.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Sat, 4 Sep 2004 08:21:21 -0700 (PDT), Sorin Capra wrote
> Thank you for the quick reply
>
> It works now, but I still have one question: why didn't it work before (in FORWARD)? It should have worked, shouldn't it?

1) Have you tried to do:

    iptables -t filter -L -nv

and check if counters are non-zero for rules with mac source matches?

2) In kernel source I have found something like this (net/ipv4/netfilter/ipt_mac.c file):

    static int
    ipt_mac_checkentry(const char *tablename,
                       const struct ipt_ip *ip,
                       void *matchinfo,
                       unsigned int matchsize,
                       unsigned int hook_mask)
    {
            /* FORWARD isn't always valid, but it's nice to be able to do --RR */
            if (hook_mask
                & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN)
                    | (1 << NF_IP_FORWARD))) {
                    printk("ipt_mac: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
                    return 0;
            }

            if (matchsize != IPT_ALIGN(sizeof(struct ipt_mac_info)))
                    return 0;

            return 1;
    }

Maybe during traversing filter/FORWARD hook mac field in skb structure is not valid, because packet is being forwarded between two ifaces.

> Bests,
> Sorin

Bests,
Tomasz Chilinski
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
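Added example, not part of the original message: one way to automate the counter check from step 1, listing every MAC-match rule whose packet counter is still zero, per chain. The function names, the sample listing and its MAC address are constructed for illustration and are not output from the poster's system.

```shell
#!/bin/sh
# Reads `iptables -t filter -L -nv` output on stdin and prints
# "<chain> <mac>" for each rule with a MAC match and a zero packet counter.
zero_mac_rules() {
    awk '
        /^Chain / { chain = $2; next }      # remember the current chain name
        $1 == "pkts" || NF == 0 { next }    # skip column header and blank lines
        {
            mac = ""
            for (i = 1; i < NF; i++) {
                if ($i != "MAC") continue
                mac = $(i + 1)
                # negated match is printed as "MAC ! xx:xx:..."
                if (mac == "!" && i + 2 <= NF) mac = "!" $(i + 2)
            }
            # column 1 is the packet counter; "0" means the rule never matched
            if (mac != "" && $1 == "0") print chain, mac
        }
    '
}

# Constructed sample listing (hypothetical interfaces, counters and MAC).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 10 packets, 840 bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  3528 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MAC 00:11:22:33:44:55

Chain FORWARD (policy DROP 7 packets, 588 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0           MAC 00:11:22:33:44:55
    0     0 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
EOF
}

# Demo on the constructed listing.
# Live use (as root): iptables -t filter -L -nv | zero_mac_rules
sample_listing | zero_mac_rules
```

A rule that stays at zero while the chain's policy counter keeps rising is the one to look at first.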