* [LARTC] Re: SNAT based on MAC before routing
@ 2002-11-21 15:39 Ramin Alidousti
  0 siblings, 0 replies; only message in thread
From: Ramin Alidousti @ 2002-11-21 15:39 UTC (permalink / raw)
  To: lartc

On Thu, Nov 21, 2002 at 10:08:59AM +0100, Eduard Calvo (B-teljpa) EXP JAN 03 wrote:

>  
>   Hi Ramin, 
>  
>   Thanks for your answer. But this solution is not suitable to me. This would 
> be a good solution if the only thing I had to do is to route packets based on 
> MAC. The problem is that I have to SNAT before routing.  
>  
>   The reason is that I have to capture http traffic and redirect it through a 
> local Apache Server that I have in my Linux box. The server has to be able to 
> distinguish over hosts, and if I do SNAT in postrouting it will see the real 
> IP address of the packet, and not the NAT'ed address. I wonder if maybe Apache 
> has access to fields of the IP header (like TOS), because I would use these 
> fields to make Apache distinguish clients. 
>  
>   Another solution is to implement a local process that, for each packet 
> captured, NATs the source address. But I don't know in which chain of iptables 
> could it leave the packets... 
>  
>   Do you know another suitable alternative??  

If you want to have a log of the HTTP activity based on the MAC then
I'd suggest you do something like this:

iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
	--mac-source XX:XX:XX:XX:XX:XX -j LOG --log-prefix "Machine A"
iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
	--mac-source YY:YY:YY:YY:YY:YY -j LOG --log-prefix "Machine B"
iptables -t mangle -A PREROUTING -p tcp --syn --dport 80 -m mac \
	--mac-source ZZ:ZZ:ZZ:ZZ:ZZ:ZZ -j LOG --log-prefix "Machine C"

But if you want to do something at HTTP level based on the MAC, the
only thing I can think of is to run Apache at different ports and
redirect the traffic based on the MAC to these separate ports.

Ramin

>  
>   Please, excuse my English, it's not my native language.  
>   Thank you in advance. 
>  
>                                         Eduard. 
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
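
An added example, not part of the original message: one way to build the per-MAC port redirection suggested in the reply, as a dry-run generator of nat-table REDIRECT rules. The MAC addresses, port numbers and function names are constructed for illustration, and it assumes Apache has a Listen directive for each target port.

```shell
#!/bin/sh
# Added example: per-MAC REDIRECT rules so each client reaches its own local
# Apache listener and can be told apart by the port it arrived on.
# Note: the mac match sees the source MAC of the received Ethernet frame, so it
# only distinguishes hosts on the directly attached segment, and a MAC can be
# changed by the client. Treat it as a label, not as authentication.

# Constructed sample map: "<mac> <local port>" per line.
MAC_PORT_MAP='00:11:22:33:44:01 8081
00:11:22:33:44:02 8082
00:11:22:33:44:03 8083'

# Return 0 only if $1 is exactly a colon-separated 48-bit MAC address.
is_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Return 0 only if $1 is a decimal TCP port in 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one REDIRECT rule for MAC $1 -> local port $2; fail on bad input so
# nothing unvalidated ever reaches the generated command line.
gen_rule() {
    is_mac "$1" || { echo "bad MAC: $1" >&2; return 1; }
    is_port "$2" || { echo "bad port: $2" >&2; return 1; }
    printf 'iptables -t nat -A PREROUTING -p tcp --dport 80 -m mac --mac-source %s -j REDIRECT --to-ports %s\n' "$1" "$2"
}

# Print rules for every entry of the map in $1; stop at the first bad line.
gen_rules() {
    printf '%s\n' "$1" | while read -r mac port; do
        [ -n "$mac" ] || continue
        gen_rule "$mac" "$port" || exit 1
    done
}

# Dry run: print the rules for review instead of applying them.
gen_rules "$MAC_PORT_MAP"
```

The script only prints the rules; after review they can be run as root on the box that hosts Apache.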
