* [LARTC] mac-match doesnt work
@ 2001-01-16 11:59 Stefan
0 siblings, 0 replies; only message in thread
From: Stefan @ 2001-01-16 11:59 UTC (permalink / raw)
To: lartc
<PRE>Hello,
I'm using iptables to masquerade isdn (and snat adsl) transfer to the
internet. This works great.
Now I want to restrict access to certain computers. Therefore I want to use
mac-match. I enabled it in the Kernel and I'm using following script to
accept connections. But unfortunately I can't get access to the Internet with
this setup. Seems that traffic doesn't come back to the initiating computer.
Ping from the router to the internet works, but not from the client to the
internet.
Does anybody know where I made the mistake?
-- snap --
# Flushing all chains
$IPTABLES -F -t nat
$IPTABLES -F -t filter
$IPTABLES -F -t mangle
$IPTABLES -t filter -P FORWARD DROP
-- snap -- masquerading all transfer to ISDN, allowing transfer to local net
$IPTABLES -t nat -A POSTROUTING -o ippp0 -d ! $LOCALNET -j MASQUERADE
$IPTABLES -t filter -A FORWARD -s ! $LOCALNET -j ACCEPT
-- snap -- snat and restricting transfers to specific computers
$IPTABLES -t nat -A POSTROUTING -o ppp0 -s $COMP1 -d $ANYWHERE -j SNAT --to
$WORLDIP
$IPTABLES -t filter -A FORWARD -s $COMP1 -m mac --mac-source $COMP1MAC -j
ACCEPT
-- snap --
--
thanx
Stefan
Email: <A HREF="mailto:stefan.bayer@gmx.net">stefan.bayer@gmx.net</A>
----------------------------------------------------
My Box said: "Install Win95 or better ..." So I installed Linux.
Microsoft gives you Windows
Linux gives you the whole house
</PRE>
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2001-01-16 11:59 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-01-16 11:59 [LARTC] mac-match doesnt work Stefan
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.