From: Ramin Alidousti <ramin@cannon.eng.us.uu.net>
To: lartc@vger.kernel.org
Subject: [LARTC] Re: SNAT based on MAC before routing
Date: Thu, 21 Nov 2002 15:39:22 +0000
Message-ID: <marc-lartc-103789325127500@msgid-missing>

On Thu, Nov 21, 2002 at 10:08:59AM +0100, Eduard Calvo (B-teljpa) EXP JAN 03 wrote:
>
> Hi Ramin,
>
> Thanks for your answer. But this solution is not suitable to me. This would
> be a good solution if the only thing I had to do is to route packets based on
> MAC. The problem is that I have to SNAT before routing.
>
> The reason is that I have to capture http traffic and redirect it through a
> local Apache Server that I have in my Linux box. The server has to be able to
> distinguish over hosts, and if I do SNAT in postrouting it will see the real
> ip address of the packet, and not the NAT'ed address. I wonder if maybe Apache
> has access to fields of the ip header (like TOS), because I would use these
> fields to make Apache distinguish clients.
>
> Another solution is to implement a local process that, for each packet
> captured, NATs the source address. But I don't know in which chain of iptables
> could it leave the packets...
>
> Do you know another suitable alternative??

If you want to have a log of the HTTP activity based on the MAC then
I'd suggest you do something like this:

iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
    --mac-source XX:XX:XX:XX:XX:XX -j LOG --log-prefix "Machine A"
iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
    --mac-source YY:YY:YY:YY:YY:YY -j LOG --log-prefix "Machine B"
iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
    --mac-source ZZ:ZZ:ZZ:ZZ:ZZ:ZZ -j LOG --log-prefix "Machine C"

But if you want to do something at HTTP level based on the MAC, the
only thing I can think of is to run apache at different ports and
redirect the traffic based on the MAC to these separate ports.

Ramin

>
> Please, excuse my English, it's not my native language.
> Thank you in advance.
>
> Eduard.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
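
The second suggestion in the reply above (one Apache port per client, with port-80 traffic redirected by source MAC) could be set up along these lines; this is an added example, not part of the original message. The function names, the placeholder MACs and ports 8081-8083 are assumptions, and Apache is assumed to have a Listen directive for each of those ports.

```shell
#!/bin/sh
# Added example: build nat-table rules that steer each client's port-80
# traffic to its own local Apache port, selected by source MAC address.

# Read "MAC PORT" lines on stdin; print one REDIRECT rule per valid line.
# Invalid lines are reported on stderr and skipped; returns 1 if any were bad.
gen_mac_redirect_rules() {
    rc=0
    while read -r mac port; do
        case "$mac" in ''|'#'*) continue ;; esac   # blank line or comment
        # MAC must be six colon-separated hex octets.
        if ! printf '%s\n' "$mac" |
                grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
            echo "skip: bad MAC '$mac'" >&2; rc=1; continue
        fi
        # Port must be a decimal integer in 1..65535.
        case "$port" in
            ''|*[!0-9]*) echo "skip: bad port '$port'" >&2; rc=1; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skip: port out of range '$port'" >&2; rc=1; continue
        fi
        # nat/PREROUTING runs before the routing decision, so the connection
        # is delivered to the local listener on $port instead of being routed.
        printf 'iptables -t nat -A PREROUTING -p tcp --dport 80 %s %s\n' \
            "-m mac --mac-source $mac" "-j REDIRECT --to-ports $port"
    done
    return "$rc"
}

# Constructed sample map (placeholder MACs, hypothetical ports 8081-8083).
sample_map() {
    cat <<'EOF'
# MAC               local Apache port
00:11:22:33:44:01   8081
00:11:22:33:44:02   8082
00:11:22:33:44:03   8083
EOF
}

# Dry run: print the rules for review; pipe to "sh" as root to install them.
sample_map | gen_mac_redirect_rules
```

Clients whose MAC is not in the map match no rule and are routed as usual. Any host on the local segment can set its own source MAC, so the mapping identifies clients rather than authenticating them.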