Hello,

I'm using iptables to masquerade ISDN (and SNAT ADSL) transfer to the internet. This works great. Now I want to restrict access to certain computers. Therefore I want to use mac-match. I enabled it in the kernel and I'm using the following script to accept connections. But unfortunately I can't get access to the Internet with this setup. It seems that traffic doesn't come back to the initiating computer. Ping from the router to the internet works, but not from the client to the internet.

Does anybody know where I made the mistake?

-- snap --
# Flushing all chains
$IPTABLES -F -t nat
$IPTABLES -F -t filter
$IPTABLES -F -t mangle
$IPTABLES -t filter -P FORWARD DROP
-- snap --
# masquerading all transfer to ISDN, allowing transfer to local net
$IPTABLES -t nat -A POSTROUTING -o ippp0 -d ! $LOCALNET -j MASQUERADE
$IPTABLES -t filter -A FORWARD -s ! $LOCALNET -j ACCEPT
-- snap --
# snat and restricting transfers to specific computers
$IPTABLES -t nat -A POSTROUTING -o ppp0 -s $COMP1 -d $ANYWHERE -j SNAT --to $WORLDIP
$IPTABLES -t filter -A FORWARD -s $COMP1 -m mac --mac-source $COMP1MAC -j ACCEPT
-- snap --

--
thanx
Stefan
Email: stefan.bayer@gmx.net
----------------------------------------------------
My Box said: "Install Win95 or better ..."
So I installed Linux.

Microsoft gives you Windows
Linux gives you the whole house
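
A small Python model of the FORWARD chain as posted, added here as an example and not part of the original message. It walks packets through the two FORWARD rules and the DROP policy to show which rule decides each direction; the addresses and MAC below are constructed, since the post shows only the variable names.

```python
import ipaddress

# Constructed sample values: the post does not give $LOCALNET, $COMP1 or $COMP1MAC.
LOCALNET = ipaddress.ip_network("192.168.0.0/24")
COMP1 = ipaddress.ip_address("192.168.0.10")
COMP1MAC = "00:11:22:33:44:55"

# The two FORWARD rules from the post, in order, as (label, predicate) pairs.
# FORWARD runs before POSTROUTING, so outgoing packets still carry the LAN
# source address here; replies have already been de-NATed in PREROUTING.
FORWARD_RULES = [
    ("-s ! $LOCALNET -j ACCEPT",
     lambda p: ipaddress.ip_address(p["src"]) not in LOCALNET),
    ("-s $COMP1 -m mac --mac-source $COMP1MAC -j ACCEPT",
     lambda p: ipaddress.ip_address(p["src"]) == COMP1
     and (p["mac"] or "").lower() == COMP1MAC.lower()),
]
POLICY = "DROP"  # from: $IPTABLES -t filter -P FORWARD DROP


def forward_verdict(packet):
    """Return (verdict, deciding rule) for one packet crossing FORWARD."""
    for label, matches in FORWARD_RULES:
        if matches(packet):
            return "ACCEPT", label
    return POLICY, "chain policy"


# Constructed packets: source IP plus the source MAC seen on the ingress
# interface (None on ppp0/ippp0, which carry no Ethernet header).
SAMPLES = {
    "COMP1 out, expected MAC": {"src": "192.168.0.10", "mac": "00:11:22:33:44:55"},
    "COMP1 out, other MAC": {"src": "192.168.0.10", "mac": "00:11:22:33:44:66"},
    "other LAN host out": {"src": "192.168.0.20", "mac": "00:aa:bb:cc:dd:ee"},
    "reply from internet": {"src": "203.0.113.5", "mac": None},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        verdict, rule = forward_verdict(pkt)
        print(f"{name:26} {verdict:6} ({rule})")
```

In this model, LAN-originated packets can only pass through the MAC rule, so a mismatch in either the address or the MAC value falls through to the DROP policy without any log entry.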