[LARTC] mac-match doesnt work

[Stefan Bayer stefan.bayer@gmx.net]

<PRE>Hello,
I'm using iptables to masquerade isdn (and snat adsl) transfer to the 
internet. This works great.
Now I want to restrict access to certain computers. Therefore I want to use 
mac-match. I enabled it in the Kernel and I'm using following script to 
accept connections. But unfortunately I can't get access to the Internet with 
this setup. Seems that traffic doesn't come back to the initiating computer.
Ping from the router to the internet works, but not from the client to the 
internet.
Does anybody know where I made the mistake?
-- snap --
# Flushing all chains
$IPTABLES -F -t nat
$IPTABLES -F -t filter
$IPTABLES -F -t mangle

$IPTABLES -t filter -P FORWARD DROP

-- snap --  masquerading all transfer to ISDN, allowing transfer to local net
$IPTABLES -t nat -A POSTROUTING -o ippp0 -d ! $LOCALNET -j MASQUERADE
$IPTABLES -t filter -A FORWARD -s ! $LOCALNET -j ACCEPT
-- snap --  snat and restricting transfers to specific computers
$IPTABLES -t nat -A POSTROUTING -o ppp0 -s $COMP1 -d $ANYWHERE -j SNAT --to  
    $WORLDIP
$IPTABLES -t filter -A FORWARD -s $COMP1 -m mac --mac-source $COMP1MAC -j 
    ACCEPT
-- snap --
-- 
thanx
Stefan
Email: <A HREF="mailto:stefan.bayer@gmx.net">stefan.bayer@gmx.net</A>

----------------------------------------------------
My Box said: &quot;Install Win95 or better ...&quot; So I installed Linux.

Microsoft gives you Windows
Linux gives you the whole house


</PRE>