* problem using MAC address.
@ 2004-10-27  9:50 ads nat
  2004-10-27 12:57 ` Ложечник Александр
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: ads nat @ 2004-10-27  9:50 UTC (permalink / raw)
  To: netfilter

Hi,
I want to block forwarding as follows:

"iptables -I INPUT 1 -i eth1 -p tcp -m tcp --dport 25
-m mac --mac-source 00:08:A1:53:BE:71 -d ! 10.0.0.2 -j
DROP"

it does not work but when I try to do same thing with
rule 
"iptables -D FORWARD -i eth1 -p tcp -m tcp --dport 25
-s 192.168.0.42 -d ! 10.0.0.2 -j DROP"

Is there any syntax error?

Or do I have to install any additional module of
iptables?
I am using Redhat 9.0 Linux.
Please guide me.

Thanks for support.



		

* Re: problem using MAC address.
  2004-10-27 13:41 ` Logechnik Alexandr
@ 2004-10-27 11:14   ` ads nat
  0 siblings, 0 replies; 5+ messages in thread
From: ads nat @ 2004-10-27 11:14 UTC (permalink / raw)
  To: Logechnik Alexandr, netfilter

I want to allow access to -d 202.63.167.193 and deny
to all other destination. 
Solutions you have given will restrict access to port
25 at all destinations.

Thanks for support.

--- Logechnik Alexandr <A.Logechnik@itak.ua> wrote:

> ads nat wrote:
> 
> >Hi,
> >I want to block forwarding as follows:
> >
> >"iptables -I INPUT 1 -i eth1 -p tcp -m tcp --dport 25
> >-m mac --mac-source 00:08:A1:53:BE:71 -d ! 10.0.0.2 -j
> >DROP"
> >
> >it does not work but when I try to do same thing with
> >rule
> >"iptables -D FORWARD -i eth1 -p tcp -m tcp --dport 25
> >-s 192.168.0.42 -d ! 10.0.0.2 -j DROP"
> >
> >Is there any syntax error?
> >
> >Or do I have to install any additional module of
> >iptables?
> >I am using Redhat 9.0 Linux.
> >Please guide me.
> >
> >Thanks for support.
> >
> Sorry, for the fulless answer.
> 
> You do not need:
> iptables -I INPUT 1 -i eth1 -p tcp --dport 25 -m mac --mac-source
> 00:08:A1:53:BE:71 -j DROP
> 
> You need:
> iptables -A FORWARD -p tcp --dport 25 -m mac --mac-source 00:08:A1:53:BE:71
> -j DROP
> 
> -- 
> wbr, Logechnik Alexandr
> 
> In God we trust, but something 
> else must have X.509 certificate
> 
> 
> 



		

* Re: problem using MAC address.
  2004-10-27  9:50 problem using MAC address ads nat
@ 2004-10-27 12:57 ` Ложечник Александр
  2004-10-27 13:24 ` Jason Opperisano
  2004-10-27 13:41 ` Logechnik Alexandr
  2 siblings, 0 replies; 5+ messages in thread
From: Ложечник Александр @ 2004-10-27 12:57 UTC (permalink / raw)
  To: netfilter

ads nat wrote:

>Hi,
>I want to block forwarding as follows:
>
>"iptables -I INPUT 1 -i eth1 -p tcp -m tcp --dport 25
>-m mac --mac-source 00:08:A1:53:BE:71 -d ! 10.0.0.2 -j
>DROP"
>
>it does not work but when I try to do same thing with
>rule 
>"iptables -D FORWARD -i eth1 -p tcp -m tcp --dport 25
>-s 192.168.0.42 -d ! 10.0.0.2 -j DROP"
>
>Is there any syntax error?
>
>Or do I have to install any additional module of
>iptables?
>I am using Redhat 9.0 Linux.
>Please guide me.
>
>Thanks for support.
>
You are trying to delete some chain. You need:

"iptables -A FORWARD -i eth1 -p tcp -m tcp --dport 25
-s 192.168.0.42 -d ! 10.0.0.2 -j DROP"



-- 
wbr, Logechnik Alexandr

In God we trust, but something 
else must have X.509 certificate




* Re: problem using MAC address.
  2004-10-27  9:50 problem using MAC address ads nat
  2004-10-27 12:57 ` Ложечник Александр
@ 2004-10-27 13:24 ` Jason Opperisano
  2004-10-27 13:41 ` Logechnik Alexandr
  2 siblings, 0 replies; 5+ messages in thread
From: Jason Opperisano @ 2004-10-27 13:24 UTC (permalink / raw)
  To: netfilter

On Wed, 2004-10-27 at 05:50, ads nat wrote:
> Hi,
> I want to block forwarding as follows:
> 
> "iptables -I INPUT 1 -i eth1 -p tcp -m tcp --dport 25
> -m mac --mac-source 00:08:A1:53:BE:71 -d ! 10.0.0.2 -j
> DROP"

if you're trying to block FORWARDING, why not try putting that rule in
the FORWARD chain instead of the INPUT chain?

> it does not work but when I try to do same thing with
> rule 
> "iptables -D FORWARD -i eth1 -p tcp -m tcp --dport 25
> -s 192.168.0.42 -d ! 10.0.0.2 -j DROP"

that is a command that deletes a rule out of the FORWARD chain

> Is there any syntax error?
> 
> Or do I have to install any additional module of
> iptables?
> I am using Redhat 9.0 Linux.
> Please guide me.

wanna clue us in as to what exactly you're trying to do?

-j

-- 
Jason Opperisano <opie@817west.com>




* Re: problem using MAC address.
  2004-10-27  9:50 problem using MAC address ads nat
  2004-10-27 12:57 ` Ложечник Александр
  2004-10-27 13:24 ` Jason Opperisano
@ 2004-10-27 13:41 ` Logechnik Alexandr
  2004-10-27 11:14   ` ads nat
  2 siblings, 1 reply; 5+ messages in thread
From: Logechnik Alexandr @ 2004-10-27 13:41 UTC (permalink / raw)
  To: netfilter

ads nat wrote:

>Hi,
>I want to block forwarding as follows:
>
>"iptables -I INPUT 1 -i eth1 -p tcp -m tcp --dport 25
>-m mac --mac-source 00:08:A1:53:BE:71 -d ! 10.0.0.2 -j
>DROP"
>
>it does not work but when I try to do same thing with
>rule 
>"iptables -D FORWARD -i eth1 -p tcp -m tcp --dport 25
>-s 192.168.0.42 -d ! 10.0.0.2 -j DROP"
>
>Is there any syntax error?
>
>Or do I have to install any additional module of
>iptables?
>I am using Redhat 9.0 Linux.
>Please guide me.
>
>Thanks for support.	
>
Sorry, for the fulless answer.

You do not need:
iptables -I INPUT 1 -i eth1 -p tcp --dport 25 -m mac --mac-source 
00:08:A1:53:BE:71 -j DROP

You need:
iptables -A FORWARD -p tcp --dport 25 -m mac --mac-source 00:08:A1:53:BE:71 
-j DROP

-- 
wbr, Logechnik Alexandr

In God we trust, but something 
else must have X.509 certificate
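
The points raised in this thread, as an added example that is not part of any poster's message: a small shell linter that flags an iptables command line that uses `-D` where a rule was meant to be added, matches on a destination in the INPUT chain (a heuristic for traffic that belongs in FORWARD), or has `-m` with no match name, plus a builder for the rule asked for in the 11:14 follow-up. The function names `lint_rule` and `smtp_mac_rule` are hypothetical; `eth1`, the MAC address and 202.63.167.193 are taken from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Nothing here calls iptables;
# the functions only inspect or print command lines.

# lint_rule "<iptables command line>"
# Prints the findings separated by spaces, or "ok" when none apply.
lint_rule() {
    findings="" op="" chain="" has_dst=0 prev=""
    set -f; set -- $1; set +f      # word-split the rule without globbing
    for tok in "$@"; do
        case "$prev" in
            -A|-I|-D) op=$prev; chain=$tok ;;
            # "-m" must be followed by a match name (tcp, mac, ...), not an option
            -m) case "$tok" in -*) findings="$findings missing-match-name" ;; esac ;;
        esac
        case "$tok" in -d) has_dst=1 ;; esac
        prev=$tok
    done
    # -D removes a matching rule; it never adds one
    case "$op" in -D) findings="$findings deletes-rule" ;; esac
    # INPUT only sees packets addressed to the firewall itself, so a
    # destination match there usually means the rule belongs in FORWARD
    # (heuristic: a multi-homed host can have a legitimate use for it)
    case "$chain:$has_dst" in
        INPUT:1) findings="$findings input-chain-with-destination" ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# smtp_mac_rule <mac> <allowed-dst>
# Prints a FORWARD rule that drops TCP port 25 from <mac> arriving on eth1
# unless the destination is <allowed-dst>. Uses the current "! -d addr"
# negation; the thread's "-d ! addr" is the older spelling.
# The mac match compares the Ethernet source address, which the sending host
# sets itself and which is only visible on the directly attached segment, so
# this is a convenience filter rather than authentication of the sender.
smtp_mac_rule() {
    printf 'iptables -A FORWARD -i eth1 -p tcp --dport 25 -m mac --mac-source %s ! -d %s -j DROP\n' "$1" "$2"
}

# Lint the rule built from the thread's values before using it.
lint_rule "$(smtp_mac_rule 00:08:A1:53:BE:71 202.63.167.193)"
```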


